LastPass, a popular password management company, confirmed that threat actors hacked into its development environment in August 2022 and stole LastPass customer and vault data. The breach occurred when a hacker compromised a home computer belonging to one of the company’s DevOps engineers, which allowed the hacker to install a keylogger and access the engineer’s corporate vault. The attacker was then able to export the decryption keys necessary to gain access to the LastPass production backups stored in AWS S3. The backup data contained a broad range of encrypted and unencrypted data, including customer vault data, configuration information, API and third-party integration secrets, and customer metadata. However, the sensitive data was mostly encrypted and could only be decrypted with unique keys derived from each end user’s master password. LastPass announced that end-user master passwords are never known to the company and are not stored or maintained by it, so they were not included in the exfiltrated data.
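The last two sentences describe a client-side key derivation design in which the server never holds the master password or the vault key, so a stolen backup is only as weak as the master passwords protecting it. The following example, added here to illustrate that design and not taken from LastPass or its code, models the flow in Python with the standard library only. It assumes a simplified scheme (PBKDF2-HMAC-SHA256 vault key, a separate login hash derived from that key, and an HMAC-based encrypt-then-MAC vault blob standing in for AES), and the salt, iteration count, email address and vault contents are constructed values for the demonstration; they are not LastPass's real parameters.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed parameters for this illustration, not LastPass's real values.
PBKDF2_ITERATIONS = 100_000
KEY_LEN = 32


def derive_vault_key(master_password: str, salt: bytes,
                     iterations: int = PBKDF2_ITERATIONS) -> bytes:
    """Client-side only: vault key = PBKDF2-HMAC-SHA256(master password, salt)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt,
                               iterations, dklen=KEY_LEN)


def derive_auth_hash(vault_key: bytes, master_password: str) -> bytes:
    """Client-side: the value sent to the server at login. One extra PBKDF2 round over
    the vault key lets the server verify the password without ever learning the key.
    (An assumed, simplified pattern, not LastPass's exact scheme.)"""
    return hashlib.pbkdf2_hmac("sha256", vault_key, master_password.encode(), 1,
                               dklen=KEY_LEN)


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 in counter mode as a PRF keystream: a stdlib-only stand-in for AES-CTR.
    out = b""
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def _subkeys(vault_key: bytes):
    # Separate keys for encryption and authentication, both derived from the vault key.
    enc_key = hmac.new(vault_key, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(vault_key, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def encrypt_vault(vault_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC; output layout is nonce(16) || ciphertext || tag(32)."""
    enc_key, mac_key = _subkeys(vault_key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def decrypt_vault(vault_key: bytes, blob: bytes) -> Optional[bytes]:
    """Return the plaintext, or None when the key is wrong or the blob was tampered with
    (the tag check fails before any plaintext is produced)."""
    if len(blob) < 48:
        return None
    enc_key, mac_key = _subkeys(vault_key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))


def simulate(master_password: str, vault_plaintext: bytes) -> dict:
    """Run the client/server flow and return what each side ends up holding."""
    salt = b"user@example.test"  # constructed: the account email used as salt
    vault_key = derive_vault_key(master_password, salt)
    auth_hash = derive_auth_hash(vault_key, master_password)
    blob = encrypt_vault(vault_key, vault_plaintext)
    # The server, and therefore any stolen backup of it, holds only these three fields.
    server_record = {"salt": salt, "auth_hash": auth_hash, "vault_blob": blob}
    return {"client_vault_key": vault_key, "server_record": server_record}


def backup_decrypts_with(server_record: dict, master_password: str) -> bool:
    """What a backup alone yields: the vault opens only if the correct master password
    is supplied, because the stored auth hash cannot be turned back into the key."""
    key = derive_vault_key(master_password, server_record["salt"])
    return decrypt_vault(key, server_record["vault_blob"]) is not None
```

The design choice worth noting for defenders is that the only field the server can use to authenticate (`auth_hash`) is a one-way function of the vault key, so a backup exposes ciphertext plus a verifier but never the key itself; the residual risk after a backup theft is therefore entirely a function of master-password strength and the iteration count, which is why notifications after such incidents focus on rotating weak master passwords.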