LastPass’ vault breach came from hacking engineer’s home computer

The engineer was hacked in December

LastPass on Android

LastPass’s August 2022 security breach continues to get worse.

In a recent update, the company has confirmed hackers have access to customer vault data, building on news it shared in December.

The revelation stems from an August 2022 cyber attack, which allowed bad actors to access the company’s source code. LastPass originally said customer data was safe.

However, hackers were able to steal login credentials from a senior engineer through their home computer in December, gaining access to storage services containing backups of encrypted vault data containing user information.

“The threat actor was able to capture the employee’s master password as it was entered, after the employee authenticated with MFA, and gain access to the DevOps engineer’s LastPass corporate vault,” the blog post reads.

The company has four DevOps engineers who have access to the folders, and LastPass said it was “difficult” to tell the difference between legitimate and illegitimate activity.

LastPass says it has completed several actions following the December incident, including cancelling and re-issuing certificates accessed by the hackers.

Source: LastPass