Why was LastPass hacked?
According to the statement, the computer of a DevOps engineer was compromised and used as the entry point into the systems. The attackers, who planted a keylogger through a third-party media software package installed on the engineer's home computer, succeeded in capturing the master password for one of the LastPass servers.
The attackers then moved into the corporate environment and obtained the necessary decryption keys by accessing the cloud-based Amazon S3 storage where the customers' backups were located. In this way, they remained active on the servers for about 3 months. It is stated that a group of 4 DevOps engineers hold the keys that can open the LastPass cloud storage vault, and one of them was hacked.
LastPass announced that it does not store users' master passwords and that a unique key derived from the master password is required to decrypt customer backups, so cracking them would take millions of years. In addition, the company stated that it would take further security measures with a million-dollar budget.