2 comments

[ 2.9 ms ] story [ 13.3 ms ] thread
> Still, the breach at LastPass shows the company made another mistake by allowing the employee to use their home computer to access extremely sensitive data. According to LastPass, the hacker planted keylogging malware on the home computer, enabling them “to capture the employee’s master password as it was entered, after the employee authenticated with MFA (multi-factor authentication), and gain access to the DevOps engineer’s LastPass corporate vault.”

I am no expert, but this seems like a stunning lack of network security for a company in this field.

I have read anecdotes that security oriented companies often have the worst practices. Are these practices not flagged by audits? Or are audits in areas like this just not done?