LastPass Vault Breached via Employee’s Home Computer, Giving Keys to the Kingdom to Hackers


LastPass users may be at risk after a major hack on the home computer of one of the company’s top executives. Ars Technica suggests the breach could have come through a Plex media account. Plex’s security was also compromised around the time of LastPass’s security breaches in August.

LastPass lets you store multiple passwords in one account that can only be accessed by one password.

The blurb Chrome uses for the browser extension shows you what dangers it can pose: “LastPass makes it easy to keep your personal information secure and accessible wherever you may be.”

LastPass reported that the threat actor was capable of “capturing the employee’s master password as it was entered” and then authenticating with MFA (multifactor authentication) to gain access to the LastPass corporate vault.

LastPass reported that hackers had stolen encrypted and plaintext customer vault information and were able to copy customers’ encrypted data.

While hackers usually wait for up to two years before attempting to access personal accounts that have been breached, there is little to be gained by waiting. For LastPass users, it may be time to switch up your passwords. A word to the wise is sufficient.

An unrelated incident is another reminder of how vulnerable online data can be. There was a major ransomware hack of the U.S. Marshals Service last week. Data collected includes returns from legal processes and information on people being investigated, fugitives, and some employees. There is no word on whether the ransom was paid, but the information would be of more than passing interest to criminal elements at home and around the world.