LastPass Reveals Hackers Had Access to its System for Four Days  

Share post:

LastPass, a password management company, has revealed details of the security incident that occurred last month in its development environment, which resulted in the theft of a portion of its source code and technical information.

It emerged that the threat actor had been given access to LastPass’ systems for four days but could not obtain sensitive customer information due to the system design and the zero-trust controls put in place to prevent such incidents.

The company’s CEO, Karim Toubba, also explained that the investigation into the hack was completed in partnership with the company Mandiant and that access was via a developer’s compromised endpoint. While the exact method of initial entry is “inconclusive,” LastPass stated that the hacker embodied the developer after verifying the victim through multi-factor authentication.

According to the company, it had originally taken steps such as the complete separation of development and production environments and the inability to access customers’ password vaults without the user-defined master password. It also stated that it was conducting source code integrity checks to look for threats, and that developers lacked the permissions necessary to move source code directly from the development environment to production.

It added that it has hired a leading cybersecurity firm to improve its source code security practices, and it has installed additional endpoint security measures to better detect and prevent attacks on its systems.

The sources for this piece include an article in TheHackerNews.

Featured Tech Jobs

SUBSCRIBE NOW

Related articles

Apple reduces forecasts for Vision Pro as demand cools in key US market

In an unexpected shift, Apple has drastically reduced its shipment forecasts for the upcoming Vision Pro, indicating a...

FTC says Microsoft’s layoffs at Activision Blizzard may threaten merger approval

The FTC has expressed dissatisfaction with Microsoft's layoffs at Activision Blizzard, challenging the integrity of the Microsoft-Activision deal....

Delaware court voids Musks $56 billion dollar compensation

Tesla's stock experienced a notable downturn following a Delaware court's decision to void CEO Elon Musk's massive $56...

IT World Canada strikes partnership with Canadian Cybersecurity Network

Goal is to make it easier for infosec pros to access each organization

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways