An employee (dev/sysadmin) had their home device compromised via a supply chain attack, which installed a keylogger and the attacker(s) were able to exfiltrate the credentials to lastpass cloud envs.