Recall that in early August 2022, LastPass was the victim of a cyberattack in which hackers were able to obtain sensitive information as well as part of the source code. We now also know that the cybercriminals had access to part of the LastPass infrastructure for 4 days!
As a reminder, LastPass is a cloud-based password manager and one of the most popular solutions, with a customer base of over 33 million users and 100,000 businesses.
LastPass has updated its security bulletin on this cyberattack, the origin of which was already known: the compromise of a developer’s account, which the attackers could use to gain access to the company’s development environment. The first official publication about this security incident dates back to August 25, 2022, about two weeks after the events.
Karim Toubba, CEO of LastPass, says his company conducted an investigation in collaboration with Mandiant, and that the cybercriminals were able to access the development environment, but that they couldn’t access customer information, or even encrypted password vaults. Here is what the official press release says: “First, the LastPass development environment is physically separate from our production environment and has no direct connection to it. Second, the development environment contains no encrypted client data or vaults. Third, LastPass does not have access to master vault passwords for our customers.”
LastPass also claims that the source code of the application does not contain malicious code: this was a risk, since the hackers had access to the source code.
We also learn that the cybercriminals were able to use this access for 4 days before LastPass noticed it and decided to cut access: “Our investigation revealed that the cybercriminal’s activity was limited to a four-day period in August 2022. During this period, the LastPass Security team detected the cybercriminal’s activity and subsequently contained the incident.”