Image: SOPA Images/Contributor
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.
Advertisement
The hackers managed to access LastPass’ corporate vault by targeting the home computer of one of four engineers who had access to decryption keys needed to access cloud data storage where sensitive information was kept. The hackers did this by exploiting a vulnerability in a third-party media software package, which Ars Technica later reported to be Plex. From here, the hacker installed a keylogger, captured the engineer’s master password, bypassed the company’s multi-factor authentication protections, and accessed the corporate vault. In there, the hacker stole the keys needed to access “LastPass production backups, other cloud-based storage resources, and some related critical database backups,” the blog reads.Do you know anything else about the LastPass breach? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email joseph.cox@vice.com.
Advertisement
Advertisement
Advertisement