More details about LastPass’s recent hack indicate that it could have been prevented if the LastPass senior engineer had updated his Plex app years ago!

It has been revealed that the hacker got into the compromised LastPass employee’s system by exploiting a bug in the Plex app on the victim’s home computer! A patch for this has been available for years, but the user didn’t apply it, leading to a breach!

A Lazy Employee is the Cause

LastPass has gone from being one of the best password managers out there to an infamous service in just one year. The company suffered two data breaches (1, 2), with the latest one being sillier than ever.

As per reports, the hacker in this case compromised the corporate account of a LastPass senior engineer, which let the threat actor move across the company’s network and steal its data. More details on this case have now come in, revealing that the concerned engineer’s irresponsibility caused the actual damage.

It was reported that the hacker had compromised the engineer’s LastPass account through vulnerable Plex software, which the victim had been using on his personal computer. The hacker was able to exploit a bug in the Plex desktop app and install a keylogger on the victim’s computer.

After obtaining his credentials for the LastPass corporate account (yes, LastPass allowed this senior engineer to access their network via a home computer!), the hacker breached the LastPass network and stole the data.

Plex revealed that the exploit in question was disclosed back on May 7, 2020, and the company released a patch for it on the same day. Yet the employee hadn’t patched it for three years! Plex claims to have released about 75 versions after that, and this LastPass engineer ignored all of them!

Had he updated the app earlier, LastPass wouldn’t have suffered this embarrassing incident.
