The LastPass incident.

No evidence of access to customer data or malicious code injection, but some theft of source code.

LastPass has published an update on the security breach it sustained last month, Naked Security reports. LastPass found no evidence that the attacker gained access to customer data. The threat actor was able to steal some source code, but the company found “no evidence of attempts of code-poisoning or malicious code injection.”

A compromised endpoint.

LastPass stated:

“We have completed the investigation and forensics process in partnership with Mandiant. Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident. There is no evidence of any threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults. 

“Our investigation determined that the threat actor gained access to the Development environment using a developer’s compromised endpoint. While the method used for the initial endpoint compromise is inconclusive, the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication.  

“Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults.”