Password Manager LastPass Development systems were compromised

Jeff Mattson September 16, 2022

LastPass said the attacker gained access to the company's servers for four days in August 2022. LastPass CEO Karim Toubba said in a Sept. 15 update that "there is no evidence that this event involved access to user data or encrypted password vaults."

LastPass said in late August that a hack targeting the company's development environment resulted in the loss of some source code and technical knowledge.

The company said that the attack was investigated in collaboration with Mandiant and that it was accessed through a developer's compromised endpoint. While the exact method of the initial intrusion is "inconclusive," LastPass said the attacker used persistent access to "impersonate a developer" after authenticating the victim using multi-factor authentication.

also view other related posts,