The massive breach at LastPass could have been prevented, or at least delayed, if a company employee had updated the software on their home computer. LastPass recently disclosed that the breach began when a hacker installed malware on an employee’s home computer, allowing the attacker to capture keystrokes. The open question was how that malware had been delivered.
Initially, LastPass stated that the hacker exploited a vulnerability in “a vulnerable third-party media software package” without specifying the vendor or flaw. This raised concerns about potentially unknown vulnerabilities that could affect other users.
Recent findings reveal that the hacker targeted the Plex Media Server software to deliver the malware to the LastPass employee’s home computer. Interestingly, the exploited vulnerability was not new; it was CVE-2020-5741, a flaw that Plex publicly disclosed to users in May 2020. Plex had provided an updated version of the Plex Media Server back then to address this vulnerability, but unfortunately, the LastPass employee had not applied the patch.
LastPass declined to comment but confirmed that the breach occurred due to an unpatched version of Plex Media Server on the employee’s computer. The reason for the employee’s failure to update the software remains unknown. Plex mentioned that they typically provide notifications and automatic updates for such vulnerabilities.
This incident underscores the importance of keeping software up to date. It is worth noting, however, that the hacker already had admin access to the employee’s Plex Media Server account, which suggests the attacker was specifically targeting this LastPass employee and might have found other ways to infect the computer with malware had the Plex flaw been patched.
Moreover, the breach at LastPass highlights another oversight: allowing employees to use their home computers to access sensitive data. The hacker planted keylogging malware on the employee’s home computer, capturing the employee’s master password as it was typed, even though multi-factor authentication had been completed. The breach compromised customers’ encrypted password vaults and unencrypted account information, including email addresses and phone numbers. Although the breach has damaged trust in LastPass, the company has been working on strengthening its security measures in response to the incident.
How often are you applying software and operating system updates to your business and personal workstations? NovaCore Solutions offers a managed service solution so that your workstations are updated automatically when critical fixes are released.
Schedule your free consultation today to discuss your current technology needs and future goals.