Last Pass Source Code Exposed in Data Breach
August 31st, 2022 - Written By CyberLabs
On 25th August 2022, Last pass company published a data breach notification affirming that threat actors had compromised its source code. Around 33 million people and 100,000 businesses are utilizing this product and is one of the largest password management firm in the world.
We recently detected unusual activity within portions of the LastPass development environment and have initiated an investigation and deployed containment measures. We have no evidence that this involved any access to customer data. More info: https://t.co/cV8atRsv6d pic.twitter.com/HtPLvK0uEC
— LastPass (@LastPass) August 25, 2022
“Two weeks ago, we detected some unusual activity within portions of the Last Pass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.” said last pass in their notice.
According to the notice, threat actors has gain access to compromise developers account and has access the company’s developer environment. The company’s source code and proprietary technical information has stolen on this process.
“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.”
The company has deployed containment and mitigation measures and engaged a leading cyber security and forensics firm. They are currently evaluating further mitigation techniques to strengthen our environment.
The company states no customer data or encrypted password vaults are compromised and no evidence of any unauthorized access to customer data in our production environment as the incident has occurred in the development environment.
Sources
https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/
