Hacker Breached LastPass by Installing Keylogger on Employee's Home Computer
Last year’s devastating breach of LastPass has been traced back to a piece of keylogging malware that was secretly installed on an employee’s home computer.
On Monday, LastPass provided(Opens in a new window) more details on the breach, which has shattered trust in one of the most popular password managers on the market. The company lost encrypted password vault data for all customers to a hacker who was secretly poking around LastPass’ systems for weeks.
One lingering question had been how the culprit broke into LastPass, despite its various security safeguards. The company held its encrypted password vault data in a cloud-based backup system, which required both Amazon AWS Access Keys and the LastPass-generated decryption keys in order to enter.
In Monday’s update(Opens in a new window), LastPass added that only four DevOps engineers at the company possessed the necessary decryption keys through a “highly restricted set of shared folders.” However, the hacker circumvented the company’s security safeguards by serving malware to one of the DevOps engineers at their home.
“This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware,” LastPass said.
The malware then recorded the keystrokes on the engineer’s computer, enabling the hacker to capture the master password for the employee’s password vault at LastPass. The same malware appears to have helped the hacker bypass the multi-factor authentication on the account, which contained the decryption keys required to access LastPass’s cloud backup system.
LastPass didn’t name the “vulnerable
Read more on pcmag.com
