LastPass provided additional information about the security incident.

LastPass provided additional information about the security incident

At the end of August, LastPass reported that they had been hacked. Later the same blog post was updated with additional detail. The investigation process performed by Lastpass in partnership with Mandiant helped them understand the attack's timeframe and target.

According to the provided information, the malicious activity lasted only about four days in August and stopped once the LastPass security team managed to contain the incident.

The attacker used to access through a compromised developer’s endpoint and managed to access the Development environment. However, the environment didn’t contain any data that belonged to customers, and according to the company’s reports, is physically separated from the Production environment. Also, LastPass insists that due to their Zero Knowledge security model, they do not have access to the master passwords of their clients. And it is impossible to decrypt the data without master passwords.

Also, the code analysis was performed to detect any possible attempts of malicious code injection. The team didn’t detect any. Also, there was no chance to get the possibly modified code uploaded onto the Production environment since developers do not have such permission. The environment can be updated only by a separate release team and performed only after a code review, testing, and validation.

In addition, LastPass CEO Karim Toubba mentioned that the team deployed additional security and monitoring measures to prevent any incidents in the future.

Image Credit: Photo by Paulius Dragunas on Unsplash

Reading next

How to improve customer service in eCommerce?
Dashlane published a new safety report. Eastern Europe uses the most secure passwords

Interested in a specific business & technology topic and looking for an article in our blog but haven't found one yet?

If you haven't come across an article that matches your query, feel free to suggest the topic to us, and we'll consider featuring it in our blog. Share your suggestion in the form below, and we'll be sure to review your request.

Talk with us

If you have any questions or problems in your business that can be solved with technical solutions, just let us know. We'll do everything we can to help you.