Hacked home computer of engineer led to second LastPass data breach

Password management company LastPass confirmed data stolen in two breaches last year was used to target one of its engineers and launch a successful secondary cyber attack. The same threat actor was responsible for both attacks. The perpetrator was able to capture the master password of the engineer and gain access to the company’s AWS cloud storage servers, allowing them to steal business secrets and information. No customer data was stolen and LastPass has reportedly taken steps to strengthen security following the incidents.