Replying to Avatar Keith Mukai

Brutal.

Home computer compromised by Plex(!!) which drops in a keylogger. LastPass DevOps employee then signs into their corp AWS console from home. pwned.

If someone is running Plex, they're almost definitely torrenting all sorts of shady stuff onto that same machine.

tldr: A whole security company compromised because one employee wouldn't pay for Netflix.

https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/

Avatar
Jonathan 2y ago

I believe you have the story slightly incorrect. A hacker exploited a vulnerability in an old version of Plex that had not been updated despite multiple prompts. Plex didn’t install a key logger.

Reply to this note

Please Login to reply.

Discussion

Avatar
Jonathan 2y ago

#[4]