Back to Blog
Lastpass business and personal6/14/2023 ![]() ![]() ![]() After this, the attacker was able to wait until the employee entered their master password and authenticated themselves with multi-factor authentication. The remote developer’s PC was reportedly compromised via a remote code execution vulnerability in a third-party media player, which was exploited to deploy a keylogger. The credentials allowed the attacker to steal data from Amazon AWS cloud storage servers used by LastPass for a little over two months. The company has now revealed that the individual(s) responsible for the attack also compromised a remote employee's computer, in order to capture credentials used in the second attack. This resulted in a second breach in November, which was revealed by LastPass in December. Last August, LastPass suffered a well publicised breach: Developer systems were compromised and source code stolen. ![]()
0 Comments
Read More
Leave a Reply. |