It’s been reported that a LastPass engineer failing to update Plex with a patch for a nearly three-year-old flaw on their home computer enabled the massive LastPass hack where a “threat actor” obtained “encrypted backups from a third-party cloud storage service” relating to its Central, Pro, join.me, Hamachi, and RemotelyAnywhere products.
The threat actor also obtained an encryption key for a portion of the encrypted backups. This highlights the importance of staying up to date with patching and ensuring that the latest software updates are installed.