LastPass says engineer’s home computer was hacked

Just when we thought the LastPass hack was behind us, the company has come out with a new update on its investigation into the security breach. The update reveals that the threat actors responsible for the hack not only stole user data, including passwords but also gained access to the Amazon AWS cloud servers where LastPass stored their backups and encrypted vault data.

According to LastPass, the threat actors targeted the personal computer of a DevOps engineer and exploited a security vulnerability in a third-party media software package. This allowed the threat actors to execute remote code and install keylogger malware on the engineer’s computer. Using this access, they captured the engineer’s master password, which was entered after the engineer had authenticated with multifactor authentication (MFA).

With the master password, the threat actors gained access to the engineer’s LastPass corporate vault. They then exported the contents of the corporate vault, obtained encrypted secure notes, access and decryption keys needed to access various cloud-based storage resources, including AWS S3 LastPass production backups and some critical database backups.

LastPass’ Response to the Attack

In response to the attack, LastPass has taken several measures to prevent future breaches, including assisting the engineer in strengthening their network security, adding Microsoft’s conditional access PIN-matching multifactor authentication, rotating critical SAML certificates used for internal and external service, and revoking certificates obtained by the hackers. Additionally, the company has also advised its users to change their passwords stored on the platform along with their master password for the LastPass vault.

However, this incident serves as a reminder that even the most secure systems are not completely impervious to cyber attacks. It is essential to follow the best practices for online security, such as using strong and unique passwords, enabling two-factor authentication, and keeping the software and operating systems up to date. And, for those who have trouble remembering their passwords, a password manager like 1Password can come in handy.