LastPass says hackers stole password vault data in 2022 by exploiting an RCE flaw in third-party software to install a keylogger on a DevOps engineer's computer
LastPass revealed more information on a “coordinated second attack,” where a threat actor accessed and stole data …
BleepingComputer · Lawrence Abrams
Related Coverage
- LastPass says employee's home computer was hacked and corporate vault taken Ars Technica · Dan Goodin
- Incident 2 - Additional details of the attack LastPass Support
- LastPass Says DevOps Engineer Home Computer Hacked SecurityWeek · Ryan Naraine
- LastPass Reveals Second Attack Resulting in Breach of Encrypted Password Vaults The Hacker News
- It's All Bad News: An update on how the Lastpass breach affects Lastpass SSO Chaim Sanders
- LastPass reveals its recent security attack was worse than it initially thought Android Police · Chandraveer Mathur
- LastPass breach: Hackers put malware on engineer's home computer to steal their password ZDNet · Danny Palmer
- LastPass: Staff's home computer was hacked to access cloud storage Silicon Republic · Leigh Mc Gowran
- LastPass breach update: The few additional bits of information Almost Secure
- LastPass Reports DevOps Engineer Computer Breach in 2022 Hack MakeUseOf · Katie Rees
- US Marshals Service Suffered a Significant Ransomware and Data Exfiltration Incident Metacurity · Cynthia Brumfield
- LastPass attack saw employee's home computer hacked ComputerWeekly.com · Alex Scroxton
- LastPass says DevOps engineer's hacked computer led to security breach in 2022 9to5Mac · Filipe Espósito
- LastPass reveals how it got hacked — and it's not good news Digital Trends · Alex Blake
- Is it time to move on from LastPass? — The Latest — LastPass corporate vault was breached by hackers and went undetected. The Salty Peasant
- LastPass breach: Hacker accessed corporate vault by compromising senior developer's home PC Help Net Security · Zeljka Zorz
- LastPass says hackers broke into an employee PC to steal the company's password vault Engadget · Mariella Moon
- LastPass says employee's home computer was hacked to steal a decrypted vault TechSpot · Rob Thubron
- LastPass publishes final analysis of hack into password infrastructure gHacks Technology News · Martin Brinkmann
- LastPass: Keylogger on home PC led to cracked corporate password vault Naked Security · Paul Ducklin
- LastPass: hackers breached the computer of a DevOps engineer in a second attack Security Affairs · Pierluigi Paganini
- Already smarting from a breach that put partially encrypted login data into a threat actor's hands, LastPass on Monday said that the same attacker hacked a senior devops engineer's home computer and obtained a decrypted vault available to only a handful of company developers. … @dangoodin@infosec.exchange · Dan Goodin
- After we first heard about the #LastpassBreach in December, I kept wondering how that impacted #SSO integrations. — Thanks to this very detailed blog for answering that for me: https://medium.com/... edit … @nilokuma@infosec.exchange · Ellie
- We're getting some more detail from LastPass about their two breaches last year that were from the same attacker. — There's a lot to unpack here, but this detail about targeting a LastPass DevOps employee on their home computer is somewhat sobering: … @briankrebs@infosec.exchange · BrianKrebs
Discussion
- @kennwhite@mastodon.social (Kenn White, on Mastodon): If you've not migrated off LastPass, do it now. And change every important password you've ever stored or backed up on their cloud service. Good luck on any stored personal notes. — https://arstechnica.com/... by @dangoodin
- @dcuthbert (Daniel Cuthbert, on X): LastPass attack chain via home media centre of senior dev. Sssh, can you hear that? That's the sound of a shitload of threat models being redone.
- @rajsarkar (Raj Sarkar, on X): “The company says they have since updated their security posture, including rotating sensitive credentials and authentication keys, revoking certificates, adding additional logging and alerting, and enforcing stricter security policies.” Shouldn't this be standard practice? https…
- @dcuthbert (Daniel Cuthbert, on X): The attack chain here is actually very good and raises a lot of concerns surrounding wfh, network design etc https://support.lastpass.com/ ... Kudos to @LastPass as this is proper transparency and many will learn from this. Thank you
- @jcran (on X): Some good lessons in here, and nice to see @lastpass opening up about the incident. Cold hard truth is that this could easily be almost any SaaS company on the receiving end. https://twitter.com/...
- @silvermanjacob (Jacob Silverman, on X): LastPass seems done. Gacked, borked, fin. Can't be trusted anymore, if it even survives. https://twitter.com/...
- @seanwrightsec (Sean Wright, on X): A good example why allowing home devices without appropriate controls in place could cause potential issues: https://www.securityweek.com/ ... And by controls I mean things that allow you to enforce minimum requirements (such as OS patching, end point protection, etc).
- @_mg_ (on X): It was Plex. They exploited Plex to get into the home network, installed a keylogger on a home laptop, and got the corp vault password because the home laptop was logging into it. Targeted high value employee shortly after the https://arstechnica.com/...... https://twitter.com/..…
- @peterktodd (on X): “The attacks seen here could happen to any company.” Using Qubes to isolate different environments would probably have prevented this. Also, why is a security-critical company allowing work-from-home? https://twitter.com/...
- @_mg_ (on X): Just to be clear: while there is plenty to criticize about the LastPass product, the transparency of what was posted today is great. It actually gives me some hope that I didn't previously have. The attacks seen here could happen to any company. Most would have handled it much...…
- @zquestz (Josh Ellithorpe, on X): Don't use LastPass. Migrate to alternatives. https://arstechnica.com/...
- @binitamshah (Binni Shah, on X): LastPass quietly indicates that Enterprise Users' K2s were accessed: https://support.lastpass.com/ ... Additional details of the attack on LastPass: https://support.lastpass.com/ ...
- @_mg_ (on X): 4 people who have access to “the keys to the kingdom”. At least 1 of them was accessing them from a home computer. For how long without anyone noticing? If that didn't raise flags, then it won't for an attacker either. Helping them harden their home network is nice, but there... …
- @gchampeau (Guillaume Champeau, on X): “LastPass says one of its DevOps engineers had a personal home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources.” https://www.securityweek.com/ ...
- @weldpond (Chris Wysopal, on X): “by targeting the DevOps engineer's home computer and exploiting a vulnerable third-party media software package, which enabled remote code exec” I wonder what security controls were on that computer. https://arstechnica.com/...
- @barnacules (on X): I REALLY hope you all listened to me when I told you to leave @LastPass & change all of your passwords a few weeks ago, otherwise you're about to go through the same thing I did if you're not already doomed 🔥 https://arstechnica.com/... #Hacked #LastPass #Breach #Security
- @_mg_ (on X): New details on the 2nd LastPass incident are fun: - got into Sr DevOp's home via vuln media software - installed keylogger - got master pass to corp vault (seemingly because it was being accessed from home computer) Cool to see that LastPass is sharing https://support.lastpass.co…
- @uk_daniel_card (on X): The last pass for LastPass?? https://twitter.com/...
- @bleepincomputer (on X): As part of today's disclosure, LastPass also released a complete list of the wide and varied data that was accessed by the threat actors. https://twitter.com/...
- @adamnash (Adam Nash, on X): At some point, there's not much that crisis comms can do for you. 🤷♂️ https://arstechnica.com/...
- @ippsec (on X): @_MG_ Probably wrong, but man what a big coincidence that a media software package was attributed to the LastPass breach on Aug 12. And ~2 weeks later Plex announced a big breach. https://techcrunch.com/...
- @arekfurt (on X): Again, I feel compelled to praise LastPass for their transparency here. While criticizing them for their security absolutely sucking. An engineer with access to important keys for encrypted data in protected data got them stolen when *his personal computer* was compromised. 🤦🤦 htt…
- @crankysysad (on X): It looks like a Senior DevOps Engineer at LastPass got popped after accessing corporate data on their personal workstation, which was also running Plex. I'm skeptical. Was it REALLY Plex or was their personal machine just cracked from torrenting? https://arstechnica.com/...
- @karissabe (Karissa Bell, on X): Another example of how you can do everything “right” and still be screwed bc the companies that are supposed to be protecting us utterly fail to anticipate all the ways they may be exploited https://arstechnica.com/...
- @dragosr (on X): It's all attack surface. LastPass attackers, after being discovered, pivoted to DevOps engineer's home computer, keylogged, pivoted into secrets repositories, AWS keys. Many lessons here. Thanks @ryanaraine https://www.securityweek.com/ ...
- @lukolejnik (Lukasz Olejnik, on X): It's good that more details about LastPass breach are posted. “targeted LastPass infrastructure, resources, employee ... valid credentials stolen from a senior DevOps engineer [used] to access a shared cloud-storage environment”. Employee home computer. https://support.lastpass.c…
- @alice_comfy (Alice, on X): lastpass: We're going to take advantage of Twitter blue longer posts and backup our users vaults on our twitter account. We think this provides a good balance between security and convenience. Simply advance search your username on our account to log in. https://twitter.com/...
- @silvermanjacob (Jacob Silverman, on X): Also this is a pretty shitty thing to do for LastPass users who might want to find out info about a catastrophic hack. https://www.bleepingcomputer.com/ ... https://twitter.com/...
- @_mg_ (on X): Does your Red Team get to target people's home computers and networks? I am guessing that a great big “nope” for almost every company I know of.