The hackers managed to access LastPass’ corporate vault by targeting the home computer of one of four engineers who had access to decryption keys needed to access cloud data storage where sensitive information was kept. The hackers did this by exploiting a vulnerability in a third-party media software package, which Ars Technica later reported to be Plex.

Read full article on Motherboard