LastPass notified customers of a security breach on the company’s official blog in August 2022. This week, the company released additional information about the hack following its investigation.
Back in August 2022, LastPass reported to customers that it had observed unusual activity in the development environment. It noticed relatively quickly that a third party had gained access to “parts of the development environment” through a compromised developer account.
The threat actor obtained “parts of source code and some technical information from LastPass”, but was unable to gain access to production environments or customer data.
LastPass asked cybersecurity and forensics firm Mandiant to help it investigate the incident. The September 2022 update reveals additional details about the security incident.
The threat actor had access to the development environment for 4 days in August, according to LastPass. When LastPass Security discovered the incident, it was immediately contained.
No evidence was found that the threat actor had access after the four-day period. Customer data and encrypted vaults were not accessed by the threat actor.
The attacker gained access through a compromised developer account. The account is protected by multi-factor authentication. Developer accounts are restricted to the development environment, which prevented the threat actor from accessing customer data, encrypted vaults, or production environments. Development environments do not have access to customer data, according to LastPass.
Forensic experts analyzed the source code and production architectures to determine if any tampering had occurred in the four-day period. According to LastPass, it found “no evidence of attempted code poisoning or malicious code injection”.
As a security precaution, developers have no direct way to push source code from development to production. A separate build release team is responsible for this; it reviews, tests and verifies sources and changes.
LastPass announced that it has improved security as a result.
As part of our risk management program, we have also partnered with a leading cybersecurity company to further enhance existing source code security practices that include secure software development lifecycle processes, threat modeling, vulnerability management, and bug bounty programs.
Furthermore, we have deployed enhanced security controls including additional controls and monitoring for endpoint security. We have also deployed additional threat intelligence capabilities as well as improved detection and prevention technologies in both our development and production environments.
While the threat actor gained access to the LastPass development environment, they did not change the source code or gain access to customer data. The source code and technical information were accessed and obtained though.
Now you: What password management service do you use, if any? (Across Boy)