
> Following the incident, LastPass has taken a number of steps to prevent future attacks and investigate what happened. The engineer was assisted in strengthening the security of their personal network [...]

I hope this involved something along the lines of: "This Zoom meeting won't end until you update your router firmware".



I'm fascinated that this was part of their remediation. I'd consider "don't trust the employee's local network" to be a pretty basic principle of modern corporate information security. What happens when an employee logs in from hotel Wi-Fi? You basically have to treat the network between the user and your environment as hostile, and design for that problem.


And as an employee, "don't trust the company's local network" with your own devices either.


For my personal devices, I trust my company's local network essentially the same as any other network my mobile devices connect to.



