The attacker targeted the DevOps engineer’s home computer and exploited vulnerable third-party media software, enabling remote code execution. To investigators, the threat actor activity resembled legitimate activity, so they didn’t catch on until it was too late. This was done before LastPass reset the system following the first attack.

What we know now

During the second attack, the threat actor used information gleaned from the first to steal credentials from one of the four senior DevOps engineers with access to the shared folders containing decryption keys. The virtual storage contained basic customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers and IP addresses from which customers accessed LastPass.

The hackers then launched a phishing campaign against an employee, obtaining credentials and keys, which they used to access and decrypt storage volumes within the cloud-based storage service.

LastPass said customer data was safe, as the decryption keys can only be retrieved from the following:

- A highly restricted set of shared folders in a LastPass password manager vault used by just four DevOps engineers for administrative duties.
- Closely guarded on-premises data centers.