by Christopher Boyd at Malwarebytes Labs
Last August, LastPass suffered a well-publicised breach: developer systems were compromised and source code stolen. This resulted in a second breach in November, which was revealed by LastPass in December. The company has now revealed that the individual(s) responsible for the attack also compromised a remote employee’s computer, in order to capture credentials used in the second attack.
The credentials allowed the attacker to steal data from Amazon AWS cloud storage servers used by LastPass for a little over two months.
The remote developer’s PC was reportedly compromised via a remote code execution vulnerability in a third-party media player, which was exploited to deploy a keylogger. After this, the attacker was able to wait until the employee entered their master password and authenticated themselves with multi-factor authentication.
The attacker was able to access the DevOps engineer’s LastPass corporate vault. From the LastPass support page:…