It’s been reported that a LastPass engineer failing to update Plex with a patch for a nearly three-year-old flaw on their home computer enabled the massive LastPass hack where a “threat actor” obtained “encrypted backups from a third-party cloud storage service” relating to its Central, Pro, join.me, Hamachi, and RemotelyAnywhere products.
The threat actor also obtained an encryption key for a portion of the encrypted backups. This highlights the importance of staying up to date with patching and ensuring that the latest software updates are installed.
“Many thanks again for all of your work getting us up and running in the cloud and getting us organised, another happy customer.”
- Karen Cotton -