Plex amazon s35/9/2023 During this period, the perpetrator stole valid credentials from a senior DevOps engineer to infiltrate shared cloud storage that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.īy employing these purloined credentials, it became difficult to distinguish between legitimate and suspicious activity. In a recent update, LastPass unveiled that the threat actor accountable for both security breaches was actively engaged in a new sequence of reconnaissance, enumeration, and exfiltration activities from August 12th to October 26th. In response, LastPass recommended that all stored passwords be changed as an additional precautionary measure, while emphasizing that the account's master password still secured the passwords. LastPass disclosed on December 22nd that hackers had leveraged the information obtained during the August breach to breach the company's systems once again in November, resulting in the perpetrator copying a backup of partially encrypted customer vault data that contained website URLs, usernames, and passwords. In August of 2021, LastPass notified its users of a "security incident" wherein an unauthorized third party exploited a compromised developer account to access the password manager's source code and "some proprietary LastPass technical information." Subsequently, the company revealed a second security breach in November, disclosing that hackers had penetrated a third-party cloud storage service employed by the password manager, permitting the perpetrators to "access certain elements" of "customers' information."
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |