Lastpass hacked, where an engineer’s failure to update Plex on their home computer caused the breach at LastPass. The breach resulted in the theft of partially encrypted password vault data and customer information. Neglecting to keep software up-to-date poses significant risks, as this incident serves as a stark reminder.
Last week, the password management service disclosed that attackers used information obtained from a previous breach, details from a third-party data breach, and a vulnerability in a third-party media software package to launch a second attack between August and October 2022. The attackers targeted one of the four DevOps engineers, used keylogger malware to obtain their credentials, and breached the cloud storage environment.
When Lastpass got hacked it announced that, at the time of the incident, the hacker took advantage of a vulnerable third-party media software package. However, they did not reveal the vendor or specific flaw involved. This lack of information triggered speculations about the likelihood of the hacker exploiting an undisclosed vulnerability, which could endanger many other users.
You can also follow the story on Reddit
