The hacker who infiltrated LastPass last month had access for four days, according to the company’s investigation. However, LastPass has found no evidence the culprit ever tampered with the company’s software code or accessed user information, such as encrypted passwords.
The company completed its investigation into the breach with the help of cybersecurity firm Mandiant. The results confirm the hacker only managed to gain access to LastPass’s internal IT systems devoted to software development.
“Our investigation revealed that the threat actor’s activity was limited to a four-day period in August 2022,” LastPass said in an update on the breach. “During this timeframe, the LastPass security team detected the threat actor’s activity and then contained the incident. There is no evidence of any threat actor activity beyond the established timeline.”
The investigation also found the attacker exploited a “compromised endpoint” belonging to a LastPass developer, meaning they hijacked access to the developer's computer, possibly through malware.
“While the method used for the initial endpoint compromise is inconclusive, the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication,” LastPass says.
Fortunately, the company designed its development software systems to operate separately from the production side of LastPass. “Secondly the Development environment does not contain any customer data or encrypted vaults,” it adds. “Thirdly, LastPass does not have any access to the master passwords of our customers’ vaults.”
Nevertheless, the access allowed the hacker to steal some portions of LastPass’s source
Read more on pcmag.com