The Password management solution LastPass revealed that the threat actors had access to its systems for four days during the August hack.
Password management solution LastPass shared more details about the security breach that the company suffered in August 2022. The company revealed that the threat actor had access to its network for four days in August 2022.
LastPass CEO Karim Toubba explained that there is no evidence that the attackers had access to customer data.
“We have completed the investigation and forensics process in partnership with Mandiant. Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident.” reads the Notice of Recent Security Incident published by the company. “There is no evidence of any threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults.”
The investigation, conducted with the help of Mandiant, allowed the company to determine that the attackers gained access to the Development environment using a developer’s compromised endpoint.
LastPass added that the Development environment has no direct connectivity to the Production environment.
The threat actors gained access to the Development environment using a developer’s compromised endpoint.
“While the method used for the initial endpoint compromise is inconclusive, the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using