{"id":560249,"date":"2023-03-06T23:31:19","date_gmt":"2023-03-06T20:31:19","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/lastpass-data-breach-shows-why-plex-updates-are-important-review-geek\/"},"modified":"2023-03-06T23:31:19","modified_gmt":"2023-03-06T20:31:19","slug":"lastpass-data-breach-shows-why-plex-updates-are-important-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/lastpass-data-breach-shows-why-plex-updates-are-important-review-geek\/","title":{"rendered":"#LastPass Data Breach Shows Why Plex Updates Are Important \u2013 Review Geek"},"content":{"rendered":"<h1>&#8220;LastPass Data Breach Shows Why Plex Updates Are Important \u2013 Review Geek&#8221;<\/h1>\n<div id=\"article-content-area\">\n<figure style=\"width: 1920px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage size-full wp-image-147556\" data-pagespeed-no-defer=\"\" src=\"https:\/\/www.reviewgeek.com\/p\/uploads\/2023\/03\/09dd8c26.png?width=1200\" alt=\"The LastPass app on a smartphone.\" width=\"1920\" height=\"1080\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.shutterstock.com\/image-photo\/lod-israel-july-8-2020-lastpass-1878395095\">Maor_Winetrob \/ Shutterstock.com<\/a><\/span><\/figcaption><\/figure>\n<p>LastPass is still dealing with last year\u2019s data breach, which exposed the personal information and passwords of some customers. 
But new information about this story reminds us why\u00a0every computer user and business needs to take security seriously.<\/p>\n<p>On February 28th,\u00a0LastPass <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/lastpass.wo8g.net\/c\/156932\/565400\/8692?subId1=rg&amp;subId2=147554&amp;sharedid=&amp;u=https%3A%2F%2Fsupport.lastpass.com%2Fhelp%2Fincident-1-additional-details-of-the-attack&amp;subid3=xid:{xid}&amp;___trxnet=ir\">finally explained<\/a> how its data breach occurred. A hacker initially targeted \u201cvulnerable third-party media software\u201d on a\u00a0DevOps engineer\u2019s personal home computer, installing a keylogger to collect the employee\u2019s master password. This DevOps engineer happens to be one of four LastPass employees who can access the corporate vault, so it\u2019s safe to assume that this was a targeted hack.<\/p>\n<p>Yes, the employee targeted in this hack owned a corporate laptop (which has since been replaced). Some reports state that the employee used their personal computer to access work resources, though this hasn\u2019t been confirmed by LastPass.<\/p>\n<p>Here\u2019s the interesting thing: the \u201cvulnerable\u00a0third-party media software\u201d exploited in this hack was Plex. 
Initial news of Plex\u2019s involvement came courtesy of leakers (via\u00a0<em><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/arstechnica.com\/information-technology\/2023\/02\/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault\/\">Ars Technica<\/a><\/em>), but was later confirmed by Plex on March 1st.<\/p>\n<p>When the\u00a0<em>Ars Technica<\/em> report came out, Plex said that it hadn\u2019t been contacted by LastPass. But things have changed\u2014LastPass tells Plex that the exploited vulnerability was\u00a0<a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/forums.plex.tv\/t\/security-regarding-cve-2020-5741\/586819\">CVE-2020-5741<\/a>. Plex tells\u00a0<em>Review Geek<\/em> that this exploit was disclosed and patched in May of 2020, at least 2.5 years before the LastPass breach.<\/p>\n<p>Clearly, the targeted LastPass employee neglected to update their Plex server for at least two years. There have been nearly 75 Plex updates since the\u00a0CVE-2020-5741 exploit was patched. This is a serious failure of both personal and corporate security; as Plex notes, update notifications are provided \u201cvia the admin UI,\u201d and automatic updates are quite common.<\/p>\n<p>But in a way, this failure is kind of understandable. Some Plex updates need to be performed manually, and as any Plex user knows, these updates may introduce problems or force you to redo some of your media library\u2019s metadata. The LastPass employee targeted in this hack may have failed to realize that an update needed to be installed manually (though there\u2019s a chance that they intentionally avoided updating).<\/p>\n<p>Take this as a lesson: any part of a network can compromise your security, or even the security of others. 
You need to keep products up to date, and if a device in your home suffers from an unpatched exploit, you should take it offline. (Also, Plex needs to improve its update process. I know this from experience.)<\/p>\n<p>Unfortunately, tech corporations don\u2019t know how to lead by example. LastPass bears the responsibility here, and it has the track record to prove that it can\u2019t take security seriously. We\u2019ve reached out to LastPass for a comment and are waiting for a response.<\/p>\n<p><small>Source: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/lastpass.wo8g.net\/c\/156932\/565400\/8692?subId1=rg&amp;subId2=147554&amp;sharedid=&amp;u=https%3A%2F%2Fsupport.lastpass.com%2Fhelp%2Fincident-1-additional-details-of-the-attack&amp;subid3=xid:{xid}&amp;___trxnet=ir\">LastPass<\/a>, Plex<\/small>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.reviewgeek.com\/147554\/lastpass-data-breach-shows-why-plex-updates-are-important\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;LastPass Data Breach Shows Why Plex Updates Are Important \u2013 Review Geek&#8221; Maor_Winetrob \/ Shutterstock.com LastPass is still dealing with last year\u2019s data breach, which exposed the personal information and passwords of some customers. But new information about this story reminds us why\u00a0every computer user and business needs to take security seriously. 
On February 28th,\u00a0LastPass&#8230;<\/p>\n","protected":false},"author":1,"featured_media":560250,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.reviewgeek.com\/p\/uploads\/2023\/03\/09dd8c26.png","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-560249","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/560249","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=560249"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/560249\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/560250"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=560249"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=560249"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=560249"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}