Password manager LastPass will finally tell you why the big data breach happened
LastPass has reported a number of data breaches that, by its account, did not leak user passwords but were still worrying for everyone involved. This week, the company released another update that will make you question its security practices. The hackers who exposed and used the LastPass private key also managed to break into the home computer of one of its DevOps engineers.
LastPass explains that the computer was infected with keylogger software, which allowed an attacker to capture the engineer’s master password and, with it, access to the LastPass corporate vault. With this access, they were able to find the decryption keys that can be used to unlock the backups of customers’ password vaults.
The latest information suggests that LastPass was facing a mass attack that first broke into the main vault and then targeted one of its engineers to retrieve the backup vault holding its customers’ data. LastPass first confirmed the attack in August last year, when it said hackers stole parts of the company’s source code and other sensitive data.
But the company gave assurances that its users’ passwords were not affected. As if that weren’t enough, an attacker used an existing flaw to break into LastPass systems once again in December of last year, and the company again claimed that its users’ passwords were safe.
It’s safe to say that the latest update changes the story, especially since the bad actors have managed to break into a LastPass engineer’s computer, giving them greater access to confidential information.
Having decryption keys exposed is never an ideal situation, and people are now wondering how the home computer of an engineer working for a password management brand could be hacked and, if it was, what kind of security LastPass offers its customers, let alone its own employees. People are also starting to consider switching to other platforms after seeing LastPass attacked repeatedly in a short period of time.
With more than 25 million users, LastPass works by aggregating the hundreds of passwords that consumers and business users need to log into their social media accounts, corporate networks, online retailers and more.