It’s been reported that a LastPass engineer failing to update Plex with a patch for a nearly three-year-old flaw on their home computer enabled the massive LastPass hack where a “threat actor” obtained “encrypted backups from a third-party cloud storage service” relating to its Central, Pro, join.me, Hamachi, and RemotelyAnywhere products.
The threat actor also obtained an encryption key for a portion of the encrypted backups. This highlights the importance of staying up to date with patching and ensuring that the latest software updates are installed.
“What impresses us most is their ability to convey the issue whilst avoiding the technical jargon that those outside of IT really don’t understand.”
- Jason Honey -