![]() ![]() With the Amazon Web Services (new window) (AWS) cloud development environment now compromised, valuable corporate assets were stolen, but no customer data. LastPass employee accounts are secured using two-factor authentication (2FA), but the attacker successfully used a tactic known as multi-factor authentication (MFA) fatigue (new window) to bamboozle the engineer into accepting a bogus 2FA request. ![]() This was achieved using stolen login credentials (username and password). Hackers were able to gain access to a LastPass software engineer’s user account. In the end, the attack turned out to be far worse than what LastPass initially disclosed:ġ. March 1, 2023: following a detailed forensic analysis, LastPass released a statement describing in detail what happened (new window).During this incident, an attacker was able to copy its customer vault data. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |