LastPass’ DevOps Engineer Hacked

LastPass’ recent security breach is breathtaking! A threat actor accessed and stole data from their Amazon AWS cloud storage servers for over two months, starting in August 2022. They installed a keylogger on a senior DevOps engineer’s computer to capture the employee’s master password and gain access to LastPass’ encrypted Amazon S3 buckets.

The stolen data includes Multifactor Authentication (MFA) seeds, API integration secrets, and cloud-based backup storage. LastPass has updated its security posture, but it’s still crucial to take recommended steps to secure your LastPass account and integration. Stay safe and secure with LastPass!

Scroll to top