You probably saw in the news recently that the popular password management application LastPass was breached by a hacker. Now that more details have come out (for example this ArsTechnica article) it appears the hack was a combination of a keylogger, and an unpatched version of Plex. Apparently Plex had a vulnerability that allowed remote execution, and through that remote execution the keylogger was installed without the LastPass developer ever knowing.
It sounds like this was a very sophisticated attack and we wish the best for LastPass. Plex was in the news for its own breach last year and it appears these two incidents are related.
What can we learn about this situation and what might have helped LastPass? Use an anti-keylogger like SpyShelter, and focus on always keeping all your software up to date.
Tweet