Investigation The LastPass hack was carried out on an employees

Investigation: The LastPass hack was carried out on an employee’s PC

Late last year, LastPass, a password storage service, encountered an incident in which hackers managed to steal the company’s customers’ personal information. It has now been revealed that in order to hack LastPass’s internal systems, the attackers installed a keylogger on the PC of one of the company’s engineers.

    Image source: Pixabay

Image source: Pixabay

According to available data, the attackers used a keylogger to steal an employee’s password from his company account, which they used to gain access to the service’s user password store. They then exported vault records and shared folders containing the decryption keys needed to access the Amazon cloud storage where LastPass keeps copies of customer data.

The information released by LastPass, obtained during cyber incident investigations, gives a clearer picture of how the two attacks on the company’s systems were connected. Recall that last August it was announced that an unknown attacker had gained access to internal LastPass systems. In December, the company confirmed that the attackers had stolen user data in a new attack. At the same time, it was said that the hackers had used the data they had taken over in the summer for the second attack.


About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment