LastPass provides details on August 2022 hack
LastPass notified customers of a security breach on the company’s official blog in August 2022. This week, the company released additional information about the hack after its investigation.
In August 2022, LastPass notified customers that it had noticed unusual activity in the development environment. He noticed fairly quickly that a third party had managed to access “parts of the development environment” through a hacked developer account.
The threat actor obtained “portions of source code and certain proprietary technical information from LastPass,” but was unable to access production environments or customer data.
LastPass has asked cybersecurity and forensics firm Mandiant to help investigate the incident. The September 2022 update reveals additional details about the security incident.
The threat actor had access to the development environment for a period of 4 days in August, according to LastPass. When LastPass security detected the incident, it was immediately contained.
No evidence was found that the threat actor had access beyond the 4-day period. Customer data and encrypted vaults were not accessed by the threat actor.
The attacker gained access through a compromised developer account. The account was protected by multi-factor authentication. Developer accounts are restricted to the development environment, which prevented the threat actor from accessing customer data, encrypted vaults, or production environments. Development environments do not have access to customer data, according to LastPass.
Forensic experts analyzed the source code and production versions to determine if manipulation took place during the four-day period. According to LastPass, it found “no evidence of attempted code poisoning or malicious code injection”.
As a security measure, developers don’t have a direct option to push source code from development to production. A separate build release team is responsible for this, reviewing, testing, and validating sources and changes.
LastPass announced that it has improved security accordingly.
As part of our risk management program, we have also partnered with a leading cybersecurity firm to further enhance our existing source code security practices, including secure software development lifecycle processes, modeling threats, vulnerability management and bug bounty programs.
Additionally, we have rolled out enhanced security controls, including additional endpoint security controls and monitoring. We have also deployed additional threat intelligence capabilities and enhanced detection and prevention technologies in our development and production environments.
Although a malicious actor gained access to the LastPass development environment, they did not modify the source code or gain access to customer data. Source code and technical information were however consulted and obtained.
Now you: Which password management service do you use, if any? (Going through Born)