LastPass says hackers broke into an employee PC to steal the company's password vault

The bad actors needed the engineer's logins to access the company's cloud storage.

Dado Ruvic / reuters

LastPass has posted an update on its investigation regarding a couple of security incidents that took place last year, and they're sounding graver than previously thought. Apparently, the bad actors involved in those incidents also infiltrated a company DevOps engineer's home computer by exploiting a third-party media software package. They implanted a keylogger into the software, which they then used to capture the engineer's master password for an account with access to the LastPass corporate vault. After they got in, they exported the vault's entries and shared folders that contained decryption keys needed to unlock cloud-based Amazon S3 buckets with customer vault backups.

This latest update in LastPass' investigation gives us a clearer picture of how the two security breach incidents it went through last year were connected. If you'll recall, LastPass revealed in August 2022 that an "unauthorized party" gained entry into its system. While the first incident ended on August 12th, the company said in its new announcement that the threat actors were "actively engaged in a new series of reconnaissance, enumeration, and exfiltration activities aligned to the cloud storage environment spanning from August 12th, 2022 to October 26th, 2022."