The employee in question was working from home, and their employer did not enforce any access restrictions. LastPass explains in the latest investigation update (Opens in a new window) that the attackers targeted a senior engineer at the company one of only four people with access to the LastPass corporate vault. The threat actor leveraged data stolen in the first phase of the attack in August, but how did they get that data in the first place? Well, it's not pretty. It said at the time that no user data was accessed, but in November, it announced a second attack that did target the passwords and other sensitive data people had stored on LastPass' servers. Problems started for LastPass in August 2022 when it notified users of a "security incident" involving proprietary company information. This week, LastPass released new details of the attacks, explaining that the attacker targeted a senior LastPass engineer to gain access to the sensitive internal information that made the data theft possible. The company is still reeling from a series of hacks last year that resulted in a trove of user data being stolen. LastPass has been in the news a lot lately, and not because it's the internet's number one password manager, as it still proudly proclaims.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |