LastPass discloses additional security issues as the home computer of top engineers was hacked

Posted on March 1, 2023 at 6:48 AM

LastPass has been making headlines because of a major security breach on the platform in August last year. The beleaguered password manager has revealed another major security breach. It could be the last straw for users who have vowed to abandon the password manager in search of a more secure alternative.

LastPass discloses more security issues

In the months since last summer's breach, LastPass has been releasing updates about the incident. The password manager then revealed that a hacker had accessed the company’s development ecosystem and part of the source code.

However, the company later claimed that there was “no evidence” of the breach having affected any user data. The company released an update in December, saying it made an error with the initial update about user data not being compromised. Instead, it admitted that this breach had indeed affected user data.

In December, LastPass had said that it would not share the user information compromised in the breach on the company. However, after a few weeks, the beleaguered password manager revealed what had happened and the stakeholders impacted by the breach.

The company revealed that the breach affected vault data belonging to users. The revelation was shocking to users because this data breach might have resulted in accounts being compromised.

Since the latest update in December, LastPass has not shared any additional details until recently. The effect of the breach on the password manager might be worse than most users had imagined, which could be the last straw that will see many users opting out of the service.

Home computer of a LastPass engineer hacked

LastPass issued a press release on Monday. According to the company, the initial data breach in August allowed the threat actors to gain unauthorized access to the home computer of one of the most privileged employees at LastPass.

The employee in question is a senior DevOps engineer, one of only four employees in the company with access to the decryption keys. With these keys, the hackers can unlock the shared cloud environment on the platform.

The hacker in question installed a keylogger on the engineer’s computer. This allowed the hacker to steal the employee's LastPass master password. The hacker later used the password to break into the engineer's LastPass password vault.

After the cybercriminal obtained unauthorized access, they accessed the shared cloud environment for LastPass, which they used to steal a wide range of important data belonging to the employee. This data might also be used to access the LastPass shared cloud environment, where the hackers managed to steal a wide range of sensitive and important data.

The press release by the company said that the cybercriminal “exported the native corporate vault entries and content of shared folders, which contained encrypted secure notes with access and decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups.”

The latest update by LastPass shows that the extent of the security breach is even more severe than earlier imagined. This update will not please most customers on the platform who had already expressed concerns with the unfolding developments of the security issue reported last summer.

The update shows that the cybercriminal behind this attack managed to infiltrate LastPass systems to a great extent. It also shows major weaknesses in the security defenses used by the password manager.

Experts are already warning LastPass users to abandon the platform. Security researcher Joseph Cox believes that all web users should refrain from using LastPass because of the growing threat of security vulnerabilities. According to the security reporter, LastPass had inadequate security measures, suspicious PR tactics, and lacked transparency.

The hack on the engineer’s home computer might be the last straw before users abandon the platform. The extent to which the cybercriminal behind this breach compromised the platform has raised concerns. The fresh details emerging regularly about the security breach paint LastPass as a company with weak security defenses, and one that is not transparent enough to be trusted with user passwords.

Publisher Name
Koddos