Ars Technica writes that the software in question was the streaming media service/media player Plex. This was achieved by exploiting a remote code execution vulnerability in a third-party media software package. Part of the attack involved the home computer of the engineer, one of only four with access to the decryption keys, being infected with a keylogger. The threat actor was able to steal credentials from a senior DevOps engineer during this period and access the company's shared cloud storage, which contained the encryption keys for customer vault backups stored in Amazon S3 buckets. It writes that although the initial breach ended on August 12, the hacker "was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity" from August 12 to August 26. LastPass revealed more details of the second incident yesterday. Customer passwords remain safely encrypted due to LastPass's Zero Knowledge architecture. We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate GoTo. This was achieved using information acquired from the previous hack on LastPass in August. It was determined that the hacker was able to gain access to "certain elements" of customers' data. In December, LastPass said it had detected unusual activity within an AWS cloud storage service that the organization and GoTo, the company formerly known as LogMeIn that acquired LastPass in 2021, share. The company confirmed that the incident stemmed from a previous hack in August that enabled the hacker to steal credentials from a DevOps engineer's home computer and obtain a decrypted vault. In brief: Password manager LastPass has revealed details of a breach last year that resulted in partially encrypted user login data being stolen.
0 kommentar(er)
