LastPass reveals attackers stole password vault data by hacking an employee’s home computer
The attacker stole credentials from a senior DevOps engineer to gain access to shared cloud storage containing the encryption keys for customer vault backups. | Illustration: Beatrice Sala
LastPass says that a threat actor was able to steal corporate and customer data by hacking an employee’s personal computer and installing keylogger malware, which let them gain access to the company’s cloud storage. The update provides more information about how the series of hacks happened last year that resulted in the popular password manager’s source code and customer vault data being stolen by an unauthorized third party.
Last August, LastPass notified its users of a “security incident” in which an unauthorized third party used a compromised developer account to access the password manager’s source code and “some proprietary LastPass technical information.” The company later disclosed a second security breach in November, announcing…
