LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults

Tue, 28 Feb 2023 18:48:00 Dan

LastPass, which in December 2022 disclosed a severe data breach that allowed threat actors to access encrypted password vaults, said it happened as a result of the same adversary launching a second attack on its systems.

The company said one of its DevOps engineers had their personal home computer breached and infected with a keylogger as part of a sustained cyber attack that exfiltrated sensitive data from its Amazon AWS cloud storage servers.

"The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack," the password management service said.

This intrusion targeted the company's infrastructure, resources, and one of its employees from August 12, 2022 to October 26, 2022. The original incident, on the other hand, ended on August 12, 2022.

More at https://thehackernews.com/2023/02/lastpass-reveals-second-attack.html

About the author

Dan

Dan

 

I'm a long-time user and enthusiast of open source software and espouse the philosophy that software code should be open (readable). So that everyone can see what happens behind the scenes while we use our electronic devices every day.