LastPass admitted hackers had access to its resources for four
Software

LastPass admitted hackers had access to its resources for four days

LastPass said the unknown attacker behind the August attack on its systems had access to resources for four days before being discovered and disabled.

    Image source: lastpass.com

Image source: lastpass.com

AT updated Version of the official report on the incident, originally published back in August, Lastpass CEO Karim Toubba also said that the results of the investigation, conducted with the assistance of Mandiant experts, found no evidence that the Attackers gained access to encrypted passwords, safes or customer data.

It was found that to perform the operation, the hacker hacked into the system at the workplace of one of the existing developers he was impersonating: him “successfully signed in with multi-factor authentication”. After analyzing the code and assemblies, the company also found no evidence of an attempt to inject malware. This may be because the transfer of code from development to production is performed only by the build-release team and the process involves additional code verification, testing, and validation. The company boss also added that the development environment “Physically separated from the LastPass production environment and does not have direct access to it”.

After the incident at the company “employed advanced security controls, including additional controls and surveillance of workplaces”and additional tools for detecting, analyzing, and responding to threats in development and production environments.

About the author

Robbie Elmers

Robbie Elmers is a staff writer for Tech News Space, covering software, applications and services.

Add Comment

Click here to post a comment