Last month, password management solution LastPass revealed additional information regarding the security breach of its development systems, including the fact that the threat actor had access to its servers for four days in August 2022.
LastPass CEO Karim Toubba said in a statement released on September 15 that “there is no evidence of any threat actor activity beyond the established timetable,” adding that “there is no evidence that this event involved any access to user data or encrypted password vaults.”
LastPass disclosed in late August that a compromise aimed at its development environment had led to the theft of some of its source code and technical data, although no further information was provided at the time.
The organization said it had finished its investigation into the attack in collaboration with incident response provider Mandiant, and that the access was made possible through a developer’s compromised endpoint.
According to LastPass, although the precise manner of the initial entry is still “inconclusive,” the adversary used persistent access to “impersonate the developer” after the victim had authenticated using multi-factor authentication.
The Access
The company emphasized that despite the unauthorized access, the attacker was unable to collect any sensitive customer data because of the system’s design and the zero trust protections that were put in place to guard against such attacks.
This includes its own inability to access the password vaults of customers without the master password that the users have set, as well as the total separation of development and production environments.
Toubba noted that “none other than the owner of a vault may decrypt vault data without the master password.”
The company added that it checked the source code for evidence of poisoning and that developers lacked the necessary rights to deploy source code directly from the development environment into production.
Last but not least, LastPass stated that it has hired a “top” cybersecurity company to improve its source code safety procedures. It has also added more endpoint security guardrails to its systems to better detect and thwart threats.