September 19, 2022

LastPass, a password management company, has revealed details of the security incident that occurred last month in its development environment, which resulted in the theft of a portion of its source code and technical information.

It emerged that the threat actor had been given access to LastPass’ systems for four days but could not obtain sensitive customer information due to the system design and the zero-trust controls put in place to prevent such incidents.

The company’s CEO, Karim Toubba, also explained that the investigation into the hack was completed in partnership with the company Mandiant and that access was via a developer’s compromised endpoint. While the exact method of initial entry is “inconclusive,” LastPass stated that the hacker embodied the developer after verifying the victim through multi-factor authentication.

According to the company, it had originally taken steps such as the complete separation of development and production environments and the inability to access customers’ password vaults without the user-defined master password. It also stated that it was conducting source code integrity checks to look for threats, and that developers lacked the permissions necessary to move source code directly from the development environment to production.

It added that it has hired a leading cybersecurity firm to improve its source code security practices, and it has installed additional endpoint security measures to better detect and prevent attacks on its systems.

The sources for this piece include an article in TheHackerNews.