Lastpass announced exactly how hackers gained access to user password storage last year

Lastpass password manager has disclosed additional information about the already “second coordinated attack” in recent months, when the attackers gained access and stole data from Amazon AWS cloud storage servers.

In December last year, Lastpass announced vulnerability when the attackers stole partially encrypted password storage and customer information. Now the company opened how the attackers fulfilled this attack.

According to Lastpass, hackers used the information stolen as a result of hacking in August. Then they gained access to the computer of the senior DevOPS engineer. Since only four Devops engineer Lastpass had access to the necessary valuations of decryption, the attackers aimed at one of them. Ultimately, hackers successfully installed a keylger on the construction of one of the employees, taking advantage of the vulnerability of the remote code execution in a third -party package of multimedia software.

“Attackers were able to intercept the employee’s master paralle as he entered after the employee has passed the authentication using MFA, and then gained access to the corporate Devops storage Lastpass,” the is a published report Lastpass.

The use of actual accounting data was quite difficult to detect the actions of attackers, which allowed them to steal data from the servers of the cloud storage of Lastpass without any haste. It was reported that hackers had systemic access for more than two months, from August 12, 2022 to October 26, 2022.

ultimately Lastpass found abnormal behavior using AWS GuardDuty warnings, when the attacker tried to use the roles of Cloud Identity and Access Management (IAM) to perform unauthorized actions. >

The company claims that since then it has updated its security system, including the rotation of confidential accounting data and authentication keys, withdrew certificates, added additional warnings journals, and also applied more stringent security policies.

Lastpass specialists also released pdf file containing all the information about the hacking itself and stolen data, and Drawn up recommendations that increase the safety of Lastpass accounts for ordinary customers Service and business administrators Lastpass . We recommend that you familiarize yourself if you are a client of the service.

/Media reports cited above.