Hackers gained access to highly restricted corporate information and databases after stealing a master password from a senior engineer’s private computer, according to a disclosure made by LastPass. These hackers exploited the password to access highly restricted corporate databases. The password management provider first revealed that it had been hacked in August of the previous year, when it reported that hackers had gained access to the development environment and stolen parts of the LastPass source code along with sensitive technical information. LastPass had said at the time that there was no evidence to suggest that the attackers had gained access to sensitive encrypted vaults or user data. But all this changed in December of last year, when LastPass said that hackers had obtained data from the vault that included encrypted and unencrypted data, including information about customers.
The corporation has now revealed that the second attack was driven by information that was acquired during the first attack, as well as information obtained in previous breaches and the exploitation of a cybersecurity weakness.
This attack targeted one of four senior DevOps engineers who had the high-level security authentication required to use the necessary decryption keys to access the cloud storage service. The perpetrators of this attack targeted the home computer of the individual they were targeting.
LastPass stated that the DevOps engineer’s home computer was targeted by attackers who exploited what it describes as “a vulnerable third-party media software package.” This allowed the attackers to gain the necessary privileges for remote code execution. The exact details of how the attack occurred have not been released. This strategy gave attackers the ability to install keylogger malware on the employee’s home computer, allowing them to see what the person typed on their own device. They used this knowledge to their advantage by stealing the master password to get into the company vault.
LastPass claims that this access gave the attackers access to many shared instances, “which included encrypted secure notes with access and decryption keys needed to access Amazon S3 LastPass production backups, other storage resources based on the cloud and certain associated essential database backups.” according to the company.
LastPass has said that after the event, it “supported the DevOps engineer to strengthen the security of his home network and personal resources.”
LastPass has strengthened its multi-factor authentication (MFA) by implementing Microsoft’s Conditional Access PIN Matching MFA, and the company is currently rotating high-privilege and critical passwords known to attackers. This is being done to reduce the likelihood of a further security breach.
In addition, the corporation is investigating the possible effects that the compromise may have had on consumers. According to a statement made by Lastpass, “there are many other workflows to better protect our customers” and “you may need them to run certain activities.”
It is strongly recommended that all LastPass customers, including those using the company’s administration features, update their Master Password. It is strongly recommended that you do not use this password to protect any other online account. It is also recommended that you enable multi-factor authentication (MFA) on your account to limit the likelihood that your account will be accessed.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He has also worked for security companies such as Kaspersky Lab. His daily work includes investigating new malware and cybersecurity incidents. He also has a deep level of knowledge in mobile security and mobile vulnerabilities.
Send news tips to [email protected] or www.instagram.com/iicsorg/
You can also find us on Telegram www.t.me/noticiasciberseguridad