• Image 01
  • Image 02
  • Image 03
  • Image 04
  • Image 05
  • Image 06
Need assistance? Contact Us: 1-800-255-5897

Menu

  • Home
  • About Us
    • Company Overview
    • Management Team
    • Board of Directors
  • Your Loan Service Center
  • MAKE A PAYMENT
  • Business Service Center
  • Contact Us
  • Home
  • About Us
    • Company Overview
    • Management Team
    • Board of Directors
  • Your Loan Service Center
  • MAKE A PAYMENT
  • Business Service Center
  • Contact Us
Recent Quotes
View Full List
My Watchlist
Create Watchlist
Indicators
DJI
Nasdaq Composite
SPX
Gold
Crude Oil
Markets
Stocks
ETFs
Tools
Markets:
Overview
News
Currencies
International
Treasuries

The Massive Data Breach at LastPass Tied to Hack of Senior DevOps Engineer’s Home Computer; Users Urged to Change their Passwords

By: Get News
April 19, 2023 at 03:20 AM EDT
The Massive Data Breach at LastPass Tied to Hack of Senior DevOps Engineer’s Home Computer; Users Urged to Change their Passwords
Data breach executed by exploiting a security vulnerability in Plex

On the 28th of February, the password manager maker LastPass revealed that the massive data breach it encountered last November involved the compromise of a DevOps engineer’s home computer.

The breach was the result of one of the engineer’s forgetting to upgrade Plex on their home computer, which put a decrypted vault available to only a handful of developers into a hacker’s hands. The vault allowed the threat actor to hold sway over a shared cloud-storage environment among others and ultimately, exfiltrate Amazon S3 vault backup encryption keys, reported The Hacker News.

Breaking Down the Breach at LastPass

Before this massive hacking at LastPass, the company experienced a security incident disclosed last August. In this incident, an unauthorised third-party exploited a developer’s compromised account to steal source code and “proprietary LastPass technical information”.

On 22nd December, the password manager service detailed that the threat actor infiltrated the company’s system during the second incident by exploiting data stolen from the first incident. The backup of partially encrypted user vault information that the hacker managed to copy included passwords, website URLs, and usernames. 

“The second incident saw the threat actor quickly make use of information exfiltrated during the first incident, prior to the reset completed by our teams, to enumerate and ultimately exfiltrate data from the cloud storage resources,” LastPass said.

Now, in Monday’s update, the company said that even though the first incident ended on 12th August, the hacker “was actively engaged in a new series of reconnaissance, enumeration, and exfiltration activity” up to 26th October.

According to the company, during this time, the hacker managed to execute the second attack. 

This second intrusion particularly singled out one of the four senior DevOps engineers with access to the corporate data vault executing a keystroke logger malware on their computer. The target was to steal the master password as it was entered by the hacked engineer to access the corporate vault. 

The threat actor exploited a three-year-old, now-patched security vulnerability on Plex Media Server software to gain code execution on the engineer’s computer.

“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” explained LastPass officials. “The threat actor was able to capture the employee’s master password as it was entered after the employee authenticated with MFA and gained access to the DevOps engineer’s LastPass corporate vault.”

Tracked as CVE-2020-5741 (CVSS score: 7.2), the vulnerability was patched by Plex in version 1.19.3.2764 released in May 2020. 

“Unfortunately, the LastPass employee never upgraded their software to activate the patch,” Plex said in a statement. “For reference, the version that addressed this exploit was roughly 75 versions ago.”

In Monday’s update, the password manager company said that the tactics, techniques, and procedures (TTPs) used to execute the first breach were different from those used in the second one, making it tough for the investigators to correlate these two incidents. 

Educating Employees on Cyber Behavior Can Help Dodge Breaches

Ensuring employees have access to essential tools and providing them with training on cyber behaviour is critical to minimising the risk of cyber threats. 

For organisations looking to develop a security culture improvement program to ensure no cybercriminal can hold sway over sensitive business information, leveraging a human risk management solution such as CultureAI is a sensible decision. 

Wrapping Up

LastPass detailed the steps it has taken as part of the company’s effort to investigate and respond to the security incident. The company also suggested its customers reset their passwords as an additional security measure.

Media Contact
Company Name: Geeky News
Contact Person: Press Officer
Email: Send Email
Phone: +44 (0)203 800 1212
Address:Parallel House, 32 London Road
City: Guildford
State: Surrey
Country: United Kingdom
Website: https://www.geekynews.co.uk/



More News

View More
JPMorgan Q2 Results Affirm Dividend, Buybacks, & Growth
Today 16:38 EDT
Via MarketBeat
Topics Economy Stocks World Trade
Tickers JPM
Goldman Spotlights These 3 Stocks in Its Bullish S&P 500 Outlook
Today 16:27 EDT
Via MarketBeat
Topics Economy Stocks
Tickers BAC GOGO GS KSS
Fastenal Surges After Earnings Beat, Tariff Risks Loom
Today 16:24 EDT
Via MarketBeat
Topics Earnings World Trade
Tickers FAST
Tesla: 2 Plays Ahead of Next Week's Earnings Report
Today 16:05 EDT
Via MarketBeat
Tickers TSLA
Pelosi Makes Big Bet on Broadcom—Here’s Why It Matters
Today 15:37 EDT
Via MarketBeat
Topics Artificial Intelligence Economy
Tickers AVGO
Site Logo
Stock Quote API & Stock News API supplied by www.cloudquote.io
Quotes delayed at least 20 minutes.
By accessing this page, you agree to the following
Privacy Policy and Terms Of Service.

Having difficulty making your payments? We're here to help! Call 1-800-255-5897

Copyright © 2019 Franklin Credit Management Corporation
All Rights Reserved
Contact Us | Privacy Policy | Terms of Use | Sitemap