
With over 33 million registered users and more than 100,000 business customers, LastPass is one of the world’s most popular password managers. After an escalating series of highly-damaging disclosures over the last few months, LastPass has now admitted that hackers have compromised its systems on more than one occasion, and have stolen a huge trove of highly sensitive customer data.

In this article, we examine the LastPass data breach and consider the lessons that can be drawn from it. What lessons can companies learn from the incident? What can I personally do to protect myself?

In its disclosures, LastPass has been keen to draw a distinction between its development environment and its production environment, which it claims are physically separated from each other (i.e. are hosted on completely different networks of servers). The development environment is used to develop and test software before it is put into production. No customer data is stored in the development environment. The production environment contains the software and infrastructure used to provide its service to customers on a day-to-day basis. Customers’ data is stored in the production environment.

The story unfolded in three disclosures from LastPass:

August 2022: CEO Karim Toubba released a statement saying that “An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information”. Toubba noted that since it was only the development environment that had been compromised, no customer data was accessed. He also claimed that the breach had been successfully contained.

December 2022: Toubba updated his earlier statement to announce a second breach, this time of its production environment. During this incident, an attacker was able to copy its customer vault data.

March 1, 2023: following a detailed forensic analysis, LastPass released a statement describing in detail what happened.

In the end, the attack turned out to be far worse than what LastPass initially disclosed:

Hackers were able to gain access to a LastPass software engineer’s user account. This was achieved using stolen login credentials (username and password).