This week, LastPass, a widely used password manager, revealed that it had suffered a massive data breach caused by a hacker exploiting an unpatched software vulnerability.
This incident serves as a stark reminder of the importance of maintaining good cybersecurity practices to avoid falling victim to similar attacks, and the risks of not keeping software up to date.
The hacker installed malware on an employee’s home computer, which enabled them to capture keystrokes and steal the employee’s master password, giving them access to LastPass’s corporate vault.
But how did the hacker deliver the malware to the employee’s computer? LastPass initially stated that the hacker exploited a “vulnerable third-party media software package,” without disclosing any further details.
The Exploit That Led to the LastPass Data Breach
According to a report by PCMag, the hacker targeted the Plex Media Server software to load the malware onto the LastPass employee’s home computer. The exploited flaw is known as CVE-2020-5741, which was publicly disclosed by Plex in May 2020.
The vulnerability allowed an attacker with admin access to a Plex Media Server to abuse the Camera Upload feature to make the server execute malicious code. A patch was made available to users at the time, but the LastPass employee did not update their software to activate the patch.
The High Cost of a Simple Oversight: Lessons from the LastPass Hack
This incident highlights the importance of keeping software up to date. However, it is worth noting that the hacker already had admin access to the employee’s Plex Media Server account, suggesting they were already targeting the LastPass staffer and could have found other ways to infect their computer with malware.
Another mistake by LastPass was allowing the employees to use their home computer to access extremely sensitive data. The breach has damaged trust in LastPass, but the company has been working to improve its security in response.
Moving Forward After LastPass Data Breach: What Users and Companies Need to Know
This breach serves as a reminder of the importance of supporting good cybersecurity practices, such as regularly updating software and using strong passwords. It also highlights the risk of using personal devices to access corporate data, particularly in a work-from-home environment where security measures may not be as robust as in an office setting.
The incident underscores the need for organisations to implement strong security protocols, including multi-factor authentication and regular vulnerability testing, to minimise the risk of a breach. It is also a warning that companies need to be vigilant in checking their networks for unusual activity and responding quickly to any suspected breaches.