LastPass, a password manager service, confirmed that hackers were able to gain internal access to their computer systems for four days. When the hackers were detected on the fourth day, they were immediately evicted.
What are the Purposes of Password Managers
Password managers are vaults that store users' passwords to help improve security and make accessing their accounts much more convenient. LastPass is a popular password manager service that stores user passwords.
Recently, however, a department within LastPass was found to be compromised, and hackers were able to maintain access for four days. The company's CEO, however, drew a distinction regarding which particular department the hackers were able to access.
LastPass Confirmed that Hackers were Able to Gain Four Days of Internal Access
According to the story by Bleeping Computer, in the recent security incident notification update that was published, Karim Toubba, the CEO of LastPass, gave a statement. As per the CEO, the company's investigation reportedly found that there was no evidence that the hackers were able to access customer data or the encrypted password vaults.
The LastPass CEO said that although the hackers were able to gain access to the Development environment, the company's system design and controls were able to guard the encrypted password vaults and protect customer data.
Analysis Found Hackers Weren't Able to Inject Malicious Code
The attacker's method still gained access to LastPass' Development environment through a developer's endpoint, and the investigation found that impersonation was used to gain that access. Hackers reportedly tried to impersonate the developer and were able to become authenticated through multi-factor authentication.
After the source code and production builds were analyzed, the company was not able to find evidence of malicious code that the hacker would have tried to inject. As per the article by Bleeping Computer, this is likely due to the Build Research team's capabilities to push code coming from Development into Production.
LastPass CEO Assures that the Development Environment is Physically Separate from the Production Environment
Toubba said that the whole process still includes the reviewing, testing, and validating of code through the three stages. The CEO also added that the LastPass Development environment "is physically separated from, and has no direct connectivity to" the Production environment of LastPass.
After the incident, the company decided to deploy enhanced security controls, including additional endpoint security controls and monitoring. LastPass has also added more threat intelligence capabilities and improved the detection and prevention technologies it uses.
LastPass Claims to have Over 33 Million Users
The new update comes after users of LastPass were notified on Aug 15 that the company had detected unusual activity within the development environment. The password manager claims to have 33 million people and 100,000 businesses using its service.
This article is owned by Tech Times
Written by Urian B.