Skip to main content

LastPass says DevOps engineer’s hacked computer led to security breach in 2022

The popular password manager LastPass faced a major attack last year that compromised sensitive data of its users, including passwords. Back in December, the company shared a statement confirming that attackers obtained such data and that users should change their passwords. Now LastPass has revealed that the incident was caused by credentials stolen from a DevOps engineer.

Engineer’s home computer led to LastPass security breach

As shared in a blog post (via ArsTechnica), there was a coordinated attack in August 2022 in which hackers were able to access and steal data from Amazon AWS cloud servers. More specifically, the credentials for the servers were stolen from a DevOps engineer who had access to cloud storage at the company. This made it more difficult for LastPass to detect the suspicious activity.

Interestingly, ArsTechnica heard from sources that the engineer’s computer was hacked through a vulnerability found in the Plex media platform. Twelve days after the LastPass attack, Plex confirmed that it had also suffered an attack that resulted in 15 million users’ passwords being stolen.

The servers accessed by the attackers contained backups of LastPass customers and encrypted vault data. Here’s what the company says:

This was accomplished by targeting the DevOps engineer’s home computer and exploiting a vulnerable third-party media software package, which enabled remote code execution capability and allowed the threat actor to implant keylogger malware. The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault.

Following the incident, LastPass has taken a number of steps to prevent future attacks along with investigating what happened. The engineer was assisted in strengthening the security of their personal network while new multifactor authentications were added to LastPass’ systems. In addition, certificates obtained by the hackers have been revoked.

Change your passwords now

If you’re a LastPass user, the company strongly advises you to change all your passwords stored on the platform. The master password for the LastPass vault should also be changed. According to LastPass, the platform now has over 30 million users and over 100,000 corporate customers.

It’s worth noting that LastPass has a free version available, but some features require a subscription. More details can be found on the LastPass website.

FTC: We use income earning auto affiliate links. More.

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

Comments

Author

Avatar for Filipe Espósito Filipe Espósito

Filipe Espósito is a Brazilian tech Journalist who started covering Apple news on iHelp BR with some exclusive scoops — including the reveal of the new Apple Watch Series 5 models in titanium and ceramic. He joined 9to5Mac to share even more tech news around the world.