These include company names, end-user names, billing addresses, email addresses and telephone numbers, as well as the IP addresses used by customers to access the LastPass website. "We have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata," the company wrote. This information was then used by the threat actor between August and October to steal credentials and keys later used to access and decrypt certain storage volumes within the cloud-based storage service in the December attack. ![]() LastPass has revealed that the threat actor who breached the company's systems in August 2022 did so by leveraging source code and technical information that were obtained from the company's development environment via a home computer belonging to a DevOps engineer.įrom a technical standpoint, LastPass said information was obtained via a keylogger installed on the employee's device by exploiting a remote code execution (RCE) vulnerability in a third-party media software package.
0 Comments
Leave a Reply. |