LastPass he announced on Monday that the same attacker breached an employee's home computer and obtained an encrypted vault available to only a few company developers.
Although the original LastPass breach was supposed to have ended on August 12, officials said the hacker "actively engaged in a new series of identification, enumeration and exfiltration activities" from August 12 to August 26.
Unknown attacker was able to steal valid credentials from a senior DevOps engineer and gain access to the contents of a vault data της LastPass. Μεταξύ άλλων, το θησαυροφυλάκιο παρείχε πρόσβαση σε ένα κοινόχρηστο περιβάλλον αποθήκευσης cloud που περιείχε τα κλειδιά κρυπτογράφησης για τα backups of customer vaults stored in Amazon S3 buckets.
"This was accomplished by targeting an engineer's home computer and exploiting a vulnerable third-party multimedia software package, which enabled remote code execution and allowed the attacker to implant keylogger malware," LastPass officials said. “The attacker was able to capture the master code access of the employee as he was typing it, and gained access to the engineer's corporate LastPass vault."
The hacked engineer o computer his was one of only four LastPass employees with access to the company vault. Once in possession of the decrypted vault, the attacker extracted the records, and the "decryption keys needed to access AWS S3 backups, other cloud-based storage resources and some relatively critical database backups."