LastPass reveals hackers had access to its system for four days  

LastPass, a password management company, has revealed details of the security incident that occurred last month in its development environment, which resulted in the theft of a portion of its source code and technical information.

It emerged that the threat actor had been given access to LastPass’ systems for four days but could not obtain sensitive customer information due to the system design and the zero-trust controls put in place to prevent such incidents.

The company’s CEO, Karim Toubba, also explained that the investigation into the hack was completed in partnership with the company Mandiant and that access was via a developer’s compromised endpoint. While the exact method of initial entry is “inconclusive,” LastPass stated that the hacker embodied the developer after verifying the victim through multi-factor authentication.

According to the company, it had originally taken steps such as the complete separation of development and production environments and the inability to access customers’ password vaults without the user-defined master password. It also stated that it was conducting source code integrity checks to look for threats, and that developers lacked the permissions necessary to move source code directly from the development environment to production.

It added that it has hired a leading cybersecurity firm to improve its source code security practices, and it has installed additional endpoint security measures to better detect and prevent attacks on its systems.

The sources for this piece include an article in TheHackerNews.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web