That DevOps engineer was one of four people who had access to a specific set of decryption keys. “Specifically,” LastPass said, “the threat actor was able to leverage valid credentials stolen from a senior DevOps engineer to access a shared cloud-storage environment, which initially made it difficult for investigators to differentiate between threat actor activity and ongoing legitimate activity.” It said there were two security incidents which appeared unrelated, partly because alerts and logs didn’t show “the anomalous behaviour that became clearer in retrospect”.
LastPass recently published a detailed rundown of the breach that – along with the vault backups – saw customer data such as names, billing and email addresses, and phone numbers stolen. Vulnerable software on a remote worker’s home PC was part of the reason password manager LastPass got hacked in 2022, leading to backups of encrypted customer password vaults being accessed by attackers.
0 kommentar(er)
