On 25 August 2022, as reported by Hackread.com, LastPass confirmed about a security incident impacting its development environment, revealing that some of its source code and technical data were stolen.
Now LastPass has shared the latest details on the data breach “to provide transparency and peace-of-mind” to its customers/business communities after investigating extensively with Mandiant.
LastPass Security Breach Details
As per the latest updates, the attack continued for four days in August 2022. During this period, LastPass’s security team identified and contained the threat actor’s activities. The attacker managed to access the Development environment by exploiting a compromised endpoint of a developer.
However, the company couldn’t conclusively determine the initial endpoint compromise. In addition, the attacker used persistent access to impersonate the developer after the victim successfully authenticated using MFA.
What Data Was Breached?
So far, the company hasn’t found any evidence that the activity continued beyond this timeframe. Moreover, LastPass confirmed that the threat actor accessed user data or encrypted password vaults.
LastPass’s security notice read that the threat actor did access the Developer environment but could not compromise sensitive data because of its effective system design and controls. That’s because its Development environment doesn’t share a direct or physical connection with the Production environment.
Moreover, LastPass doesn’t store encrypted vaults or user data in its Development environment. Lastly, it never has access to the customer vaults’ master passwords. Without a master password, no one can decrypt vault data except for the owner due to its Zero-Knowledge security mechanism.
Furthermore, code integrity was validated by analyzing production builds and source code, and the company ruled out any possibility of malicious code injection or code poisoning.
Threat Prevention Efforts
LastPass stated that it has collaborated with a leading cybersecurity firm to enhance its existing source code safety mechanism, including secure software development life cycle procedures, vulnerability management, and threat modelling.
The company has also implemented advanced security solutions such as enhanced endpoint security monitoring and controlling.
We have also deployed additional threat intelligence capabilities as well as enhanced detection and prevention technologies in both our Development and Production environments.”
Karim Toubba, CEO LastPass