LastPass revealed intruders had internal access for four daysSecurity Affairs

Password management solution LastPass revealed that threat actors had access to its systems for four days during the August hack.

Password management solution LastPass has shared more details about the security breach suffered by the company in August 2022. The company revealed that the threat actor gained access to its network for four days in August 2022 .

LastPass CEO Karim Toubba explained that there is no evidence the attackers gained access to customer data.

“We have completed the investigative and forensic process in partnership with Mandiant. Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this period, the LastPass security team detected the threat actor’s activity and then contained the incident. read it Recent Security Incident Notice published by the company. “There is no evidence of threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved access to customer data or vaults. strong encrypted passwords.

The investigation, conducted with the help of Mandiant, determined that the attackers gained access to the development environment using a developer’s compromised endpoint.

LastPass added that the development environment does not have direct connectivity with the production environment.

Threat actors gained access to the development environment using a compromised developer endpoint.

“Although the method used for the initial endpoint compromise was inconclusive, the threat actor used their persistent access to impersonate the developer once the developer successfully authenticated to the using multi-factor authentication.” continues the review.

The intruders exploited Persistent Access to impersonate the developer after the victim was authenticated using multi-factor authentication.

“First, the LastPass development environment is physically separate from our production environment and has no direct connection to it. Second, the development environment contains no customer data or encrypted vaults. Third, LastPass has no access to our customers’ vault master passwords – without the master password, it is not possible for anyone other than the owner of a vault to decrypt the vault data in the part of our Zero Knowledge security model. specifies the note.

The company pointed out that attackers do not have access to the master passwords of its customers’ vaults because they do not have access to them, meaning that only the owner of a vault can decrypt the data in the vault.

The company conducted a verification of its source code to verify its integrity after the attack, adding that developers cannot push source code directly from the development environment to production.

The company has also hired a leading cybersecurity firm to further improve the source code security practices adopted by the company.

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(Security cases hack, hack)

Share on

Comments are closed.