LastPass confirms hackers had access to internal systems for several days

However hackers didn’t access password vaults

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The attacker that recently breachedLastPasslurked around the network for days before being spotted and eliminated, the company has confirmed.

Ablog postpublished by thepassword manager’s CEO Karim Toubba revealed that the attacker spent some four days on the compromised network.

During that time, though, the attacker did not access customer data, or encrypted password vaults, the investigation has shown.

LastPass attack

“Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults,” Toubba said.

The attacker was apparently able to access the company’s Development environment through a developer’s compromisedendpoint.

The investigation and forensics did not manage to determine the exact method used for the initial endpoint compromise, Toubba did say the attackers utilized their persistent access to impersonate the developer after successfully authenticating with MFA.

Code is safe

LastPass also said there was no evidence of the threat actor trying to inject malicious code, probably because the Build Release team is the only one that can push code from Development into Production. Even then, Toubba added, the code needs to be reviewed, tested, and validated. What’s more, Toubba said that the LastPass Development environment is “physically separated” from the Production environment.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

To ensure an incident like this one does not repeat, LastPass deployed “enhanced security controls including additional endpoint security controls and monitoring," together with extra threat intelligence features and enhanced detection and prevention technologies. These technologies were deployed in both the Development and Production environment.

LastPass hacked: Should you be worried about your passwords?>Your browser spellchecker could be leaking your passwords>These are the best firewalls around

Late last month, the company spotted “unusual activity” and, following an investigation, discovered a security compromise.

The initial investigation found no evidence of threat actors accessing customer data or password vaults, meaning no action from end users was required.

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Google TV will require more RAM for future upgrades – which might leave older TVs and streaming boxes behind