Hackers Had Access to LastPass’s Development Systems for Four Days

LastPass Development Systems

Password management solution LastPass shared more details
pertaining to the security incident last month, disclosing that the
threat actor had access to its systems for a four-day period in
August 2022.

“There is no evidence of any threat actor activity beyond the
established timeline,” LastPass CEO Karim Toubba said[1]
in an update shared on September 15, adding, “there is no evidence
that this incident involved any access to customer data or
encrypted password vaults.”

LastPass in late August revealed[2]
that a breach targeting its development environment resulted in the
theft of some of its source code and technical information,
although no further specifics were offered.

CyberSecurity

The company, which said it completed the probe into the hack in
partnership with incident response firm Mandiant, said the access
was achieved using a developer’s compromised endpoint.

While the exact method of initial entry remains “inconclusive,”
LastPass noted the adversary abused the persistent access to
“impersonate the developer” after the victim had been authenticated
using multi-factor authentication.

The company reiterated that despite the unauthorized access, the
attacker failed to obtain any sensitive customer data owing to the
system design and zero trust controls put in place to prevent such
incidents.

This includes the complete separation of development and
production environments and its own inability to access customers’
password vaults without the master password set by the users.

CyberSecurity

“Without the master password, it is not possible for anyone
other than the owner of a vault to decrypt vault data,” Toubba
pointed out.

Additionally, it also said it conducted source code integrity
checks to look for any signs of poisoning and that developers do
not possess the requisite permissions to push source code directly
from the development environment into production.

Last but not least, LastPass noted that it has engaged the
services of a “leading” cybersecurity firm to enhance its source
code safety practices and that it has deployed additional endpoint
security guardrails to better detect and prevent attacks aimed at
its systems.

References

  1. ^
    said
    (blog.lastpass.com)
  2. ^
    revealed
    (thehackernews.com)

Read more

Leave a Reply