Hackers Had Access to LastPass’s Development Systems for Four Days

Teilen:

Password management solution LastPass shared more details pertaining to the security incident last month, disclosing that the threat actor had access to its systems for a four-day period in August 2022.

“There is no evidence of any threat actor activity beyond the established timeline,” LastPass CEO Karim Toubba sagte in an update shared on September 15, adding, “there is no evidence that this incident involved any access to customer data or encrypted password vaults.”

LastPass in late August revealed that a breach targeting its development environment resulted in the theft of some of its source code and technical information, although no further specifics were offered.

 

The company, which said it completed the probe into the hack in partnership with incident response firm Mandiant, noted the access was achieved using a developer’s compromised endpoint.

While the exact method of initial entry remains “inconclusive,” LastPass noted the adversary abused the persistent access to “impersonate the developer” after the victim had been authenticated using multi-factor authentication.

The company reiterated that despite the unauthorized access, the attacker failed to obtain any sensitive customer data owing to the system design and zero trust controls put in place to prevent such incidents.

This includes the complete separation of development and production environments and its own inability to access customers’ password vaults without the master password set by the users.

“Without the master password, it is not possible for anyone other than the owner of a vault to decrypt vault data,” Toubba pointed out.

Additionally, it also said it conducted source code integrity checks to look for any signs of poisoning and that developers do not possess the requisite permissions to push source code directly from the development environment into production.

Last but not least, LastPass noted that it has engaged the services of a “leading” cybersecurity firm to enhance its source code safety practices and that it has deployed additional endpoint security guardrails to better detect and prevent attacks aimed at its systems.

https://thehackernews.com/2022/09/hackers-had-access-to-lastpasss.html?

Kommentar verfassen

Deine E-Mail-Adresse wird nicht veröffentlicht. Erforderliche Felder sind mit * markiert

lade-bild
London, GB
11:58 pm, Juli 6, 2025
Wetter-Symbol 17°C
L: 16° | H: 18°
aufgelockerte Bewölkung
Luftfeuchtigkeit: 71 %
Druck: 1007 mb
Wind: 10 mph WNW
Windböe: 0 mph
UV-Index: 0
Niederschlag: 0 mm
Wolken: 40%
Regen Chance: 0%
Sichtbarkeit: 10 km
Sonnenaufgang: 4:51 am
Sonnenuntergang: 9:18 pm
TäglichStündlich
Tägliche VorhersageStündliche Vorhersage
Tomorrow 10:00 pm
Wetter-Symbol
16° | 18°°C 0.99 mm 99% 13 mph 85 % 1015 mb 0 mm/h
Di. Juli 08 10:00 pm
Wetter-Symbol
13° | 24°°C 0.2 mm 20% 11 mph 76 % 1020 mb 0 mm/h
Mi. Juli 09 10:00 pm
Wetter-Symbol
15° | 26°°C 0 mm 0% 6 mph 66 % 1023 mb 0 mm/h
Do. Juli 10 10:00 pm
Wetter-Symbol
19° | 31°°C 0 mm 0% 8 mph 63 % 1024 mb 0 mm/h
Fr. Juli 11 10:00 pm
Wetter-Symbol
20° | 30°°C 0 mm 0% 12 mph 54 % 1023 mb 0 mm/h
Tomorrow 1:00 am
Wetter-Symbol
17° | 17°°C 0 mm 0% 9 mph 71 % 1007 mb 0 mm/h
Tomorrow 4:00 am
Wetter-Symbol
16° | 17°°C 0.31 mm 31% 8 mph 75 % 1007 mb 0 mm/h
Tomorrow 7:00 am
Wetter-Symbol
14° | 15°°C 0.99 mm 99% 10 mph 85 % 1008 mb 0 mm/h
Tomorrow 10:00 am
Wetter-Symbol
17° | 17°°C 0.33 mm 33% 12 mph 53 % 1011 mb 0 mm/h
Tomorrow 1:00 pm
Wetter-Symbol
22° | 22°°C 0 mm 0% 13 mph 37 % 1012 mb 0 mm/h
Tomorrow 4:00 pm
Wetter-Symbol
20° | 20°°C 0 mm 0% 10 mph 41 % 1013 mb 0 mm/h
Tomorrow 7:00 pm
Wetter-Symbol
20° | 20°°C 0 mm 0% 7 mph 45 % 1014 mb 0 mm/h
Tomorrow 10:00 pm
Wetter-Symbol
17° | 17°°C 0 mm 0% 11 mph 49 % 1015 mb 0 mm/h
Name Preis24H (%)
Bitcoin(BTC)
€92,788.88
1.00%
Ethereum(ETH)
€2,194.58
2.60%
Fesseln(USDT)
€0.85
-0.01%
XRP(XRP)
€1.93
2.61%
Solana(SOL)
€129.63
3.39%
USDC(USDC)
€0.85
-0.01%
Dogecoin(DOGE)
€0.146745
5.11%
Shiba Inu(SHIB)
€0.000010
3.34%
Pepe(PEPE)
€0.000008
5.22%
Nach oben scrollen