LastPass Breach: Hacker Obtains Decrypted Vault and AWS Encryption Keys

LastPass, the popular password manager, announced on Monday that a threat actor who had already breached the company's systems earlier this year was able to hack an employee's home computer and access a decrypted vault containing sensitive information. LastPass officials stated that the attacker used a vulnerable third-party media software package to implant keylogger malware that captured the employee's master password after the employee authenticated with multi-factor authentication (MFA).

Once the threat actor gained access to the decrypted vault, they exported entries, including the "decryption keys needed to access the AWS S3 LastPass production backups, other cloud-based storage resources, and some related critical database backups." This incident occurred between August 12 and August 26, 2021. The employee whose home computer was hacked was one of only four LastPass employees with access to the corporate vault.

LastPass officials added that the tactics, techniques, and procedures used in this incident were different from those used in the previous breach that occurred in August 2021. In that instance, the attacker was able to steal valid credentials from a senior DevOps engineer and access the contents of a LastPass data vault. The vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

LastPass initially stated that the attackers only obtained partially encrypted login data, but in October 2021, they confirmed that the hackers obtained both encrypted and plaintext customer data. The backup data contained unencrypted data such as website URLs, usernames and passwords, secure notes, and form-filled data, which had an additional layer of encryption using 256-bit AES.

The recent incident highlights the resourcefulness of the threat actor responsible for the LastPass breach.
It is concerning that the attacker was able to exploit a vulnerability on an employee's home computer to gain access to sensitive information. The incident also highlights the importance of ensuring that all devices used for work-related activities are secure.

The incident also shows that alerting and logging measures alone may not be sufficient to detect anomalous behavior. LastPass officials said that alerting and logging were enabled during these events, but the behavior did not indicate the anomalous behavior that became clearer in retrospect during the investigation. This highlights the importance of regularly reviewing logs and other security-related data to detect and respond to threats.

It's unclear if there is any connection between the LastPass breach and the breach of Plex, a media streaming service that reported its network intrusion on August 24, 2021, just 12 days after the second LastPass breach commenced. The Plex breach allowed the threat actor to access a proprietary database and make off with password data, usernames, and emails belonging to some of its 30 million customers. Representatives of LastPass and Plex did not respond to emails seeking comment on this issue.

However, the threat actor behind the LastPass breach has already proven to be highly skilled and resourceful, and it is essential to take precautions to protect your sensitive information. As Ars advised in December 2021, all LastPass users should change their master passwords and all passwords stored in their vaults. Although it's unclear whether the threat actor has access to either, it's better to take preventive measures to ensure the safety of your data.

By Raulf Hernes
