The Broadband Guide
search advanced

Hacker breached LastPass by installing keylogger on employee's home computer

2023-02-28 16:31 by
Tags: ,


Last year's devastating breach of LastPass has been traced back to a piece of keylogging malware that was secretly installed on an employee's home computer.

On Monday, LastPass provided more details on the breach, which has shattered trust in one of the most popular password managers on the market. The company lost encrypted password vault data for all customers to a hacker who was secretly poking around LastPass' systems for weeks.

This attack targeted one of only four senior DevOps engineers who had the required high-level security authentication necessary to use the decryption keys required to access the cloud storage service - and the attackers did so by targeting their home computer.

"This was accomplished by targeting the DevOps engineer's home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware," LastPass officials wrote. "The threat actor was able to capture the employee's master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer's LastPass corporate vault."

LastPass didn't name the "vulnerable third-party media software package." But according to Ars Technica, the vulnerable software was Plex, which can help consumers construct a media server to stream videos at home. 

Read more -here-


  Post your review/comments
News Glossary of Terms FAQs Polls Cool Links SpeedGuide Teams SG Premium Services SG Gear Store
Registry Tweaks Broadband Tools Downloads/Patches Broadband Hardware SG Ports Database Security Default Passwords User Stories
Broadband Routers Wireless Firewalls / VPNs Software Hardware User Reviews
Broadband Security Editorials General User Articles Quick Reference
Broadband Forums General Discussions
Advertising Awards Link to us Server Statistics Helping SG About