Hackers Voice Cloned the CEO of LastPass for Attack

🌈 Abstract

The article discusses an attempted AI-powered voice scam targeting LastPass, a password management company. It also provides context on previous security breaches at LastPass.

🙋 Q&A

[01] Faking It

1. What happened in the attempted scam against LastPass?

  • Someone used AI voice-cloning technology to spoof the voice of LastPass's CEO, Karim Toubba, in an attempt to trick one of its employees.
  • The LastPass employee received several WhatsApp communications, including calls, texts, and a voice message, from someone claiming to be the CEO.
  • However, the employee did not fall for the scam as the communication was outside of normal business channels and had other hallmarks of a social engineering attempt.
  • The employee reported the incident to LastPass's internal security team.

2. How common are these types of AI-powered voice scams?

  • These types of attacks are on the rise, as evidenced by a previous incident where a Hong Kong tech worker paid $25 million to a scammer who used deepfake technology to impersonate the worker's company CEO and other employees.

[02] Big Phish

1. What previous security issues has LastPass faced?

  • In August 2022, a hacker compromised a LastPass engineer's laptop, stole source code and company secrets, and eventually gained access to the company's customer database, including encrypted passwords and unencrypted user data like email addresses.
  • The hacker remained active in LastPass's servers for months, and it took the company over two months to admit the breach.
  • LastPass's CEO, Karim Toubba, later took "full responsibility" for how the months-long attack was handled.

2. How did the previous breach impact LastPass's employees?

  • Having come through a lengthy breach that did not entirely tank the company, LastPass employees are now on edge about potential hacks.
  • The failed scam attempt was quickly identified and reported by a skeptical LastPass employee, suggesting the company's employees are now more vigilant about potential security threats.
