LastPass Reveals Hackers Had Access to its System for Four Days  

Share post:

LastPass, a password management company, has revealed details of the security incident that occurred last month in its development environment, which resulted in the theft of a portion of its source code and technical information.

It emerged that the threat actor had been given access to LastPass’ systems for four days but could not obtain sensitive customer information due to the system design and the zero-trust controls put in place to prevent such incidents.

The company’s CEO, Karim Toubba, also explained that the investigation into the hack was completed in partnership with the company Mandiant and that access was via a developer’s compromised endpoint. While the exact method of initial entry is “inconclusive,” LastPass stated that the hacker embodied the developer after verifying the victim through multi-factor authentication.

According to the company, it had originally taken steps such as the complete separation of development and production environments and the inability to access customers’ password vaults without the user-defined master password. It also stated that it was conducting source code integrity checks to look for threats, and that developers lacked the permissions necessary to move source code directly from the development environment to production.

It added that it has hired a leading cybersecurity firm to improve its source code security practices, and it has installed additional endpoint security measures to better detect and prevent attacks on its systems.

The sources for this piece include an article in TheHackerNews.

SUBSCRIBE NOW

Related articles

Intel CEO Pat Gelsinger Retires Amid Record Losses and Ongoing Restructuring

Intel CEO Pat Gelsinger has announced his retirement effective December 1, marking the end of a challenging tenure...

Qualcomm Explores Potential Acquisition of Intel

In a shocking turn of events in the semiconductor industry, Qualcomm has, as reported in the New York...

Intel’s contract manufacturing hits setback with quality issues

Intel’s contract manufacturing business has encountered a major setback after silicon wafers produced for Broadcom failed to meet...

Dell has another major round of layoffs

Dell has initiated another round of layoffs, affecting a significant number of employees, including long-term company veterans. HR...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways