11/1/2023

Business lastpass

This shows how important it is for CISOs to understand the implications of personal device compromise, home networks being wide open, or personal compromise that could impact the company.

In this case, the attacker targeted a DevOps engineer’s home computer, compromising the entire LastPass production system.

Personal Devices Used by Employees Can Compromise Enterprise Security: This breach is a reminder of how personal devices used by employees can compromise enterprise security.

Lessons Learned for Personal Device Security: LastPass announced that end-user master passwords are never known to them and are not stored or maintained by the company, so they were not included in the exfiltrated data. However, the sensitive data was mostly encrypted and required unique decryption keys derived from each end user’s master passwords. The backup data contained a broad range of encrypted and unencrypted data, including customer vault data, configuration information, API and third-party integration secrets, and customer metadata. The attacker was then able to export the decryption keys necessary to gain access to AWS S3 LastPass production backups.

The breach occurred when a hacker compromised a home computer belonging to one of the company’s DevOps engineers, which allowed the hacker to install a keylogger and access the engineer’s corporate vault. LastPass, a popular password management company, confirmed that threat actors hacked into its development environment in August 2022 and stole LastPass customer and vault data.