Attackers steal LastPass Source Code After Compromising Developer Account

Share post:

LastPass has released a security advisory confirming a breach via a compromised developer account that attackers used to gain access to the company’s developer environment.

Upon gaining access, the attacker stole the company’s source code and proprietary technical information.

“In response to the incident, we have developed containment and mitigation measures and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures and saw no further evidence of unauthorized activity,” the LastPass advisory states.

LastPass has yet to provide details about the attack, including how the threat actors compromised the developer account and which source code was stolen.

However, the company said that passwords were not compromised during the cyberattack although the company stores passwords in ‘encrypted vaults’ that can only be decrypted with a customer’s master password.

An earlier hack in 2021 allowed attackers to confirm the user’s master password. This means that it is now important for users to enable multi-fsctor authentication on their LastPass accounts, which will help prevent threat actors from accessing their accounts even if their data is compromised.

The sources for this piece include an article in BleepingComputer.


Related articles

London hospitals cancel over 800 operations after ransomware attack

NHS England disclosed today that a recent ransomware attack on Synnovis has led to the cancellation of hundreds...

Microsoft cancels universal Recall release in favor of Windows Insider preview

Microsoft has decided to cancel the wide release of Recall, the controversial tool for Copilot+ PCs, and instead...

Cyber Security Today, Week in Review for week ending Friday, June 14, 2024

Welcome to Cyber Security Today. This is the Week in Review for the week ending Friday, June 14th,...

Cyber Security Today, June 14, 2024 – Employee downloaded a file that led to hospital chain’s ransomware attack

An employee downloaded a file that led to hospital chain's ransomware attack Welcome to Cyber Security Today. It's Friday...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways