LastPass, the password management solution trusted by thousands of users, suddenly faced criticism over its security incident last month.
Notably, this is not the first time that LastPass, which so many users trust, has suffered security issues. In fact, LastPass has a record of security incidents in 2011, 2015, 2016, 2019, 2021 and 2022.
On August 25, 2022, LastPass released a notice stating that a threat actor had access to its systems for a four-day period in August 2022.
“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information,” said Karim Toubba, CEO of LastPass.
The CEO published a blog post on 15th September 2022. It stated that the company had continued its investigation of the incident in partnership with an incident response firm, Mandiant. The investigation showed that the access was achieved using a developer’s compromised endpoint.
Many concerned users asked whether their master password had been compromised. The company denied that possibility, stating that it does not store or have knowledge of users’ master passwords.
In addition, the company analysed its source code to validate code integrity and found no evidence of attempts at code poisoning or malicious code injection.
To prevent such incidents in the near future, LastPass deployed additional threat intelligence capabilities as well as enhanced detection and prevention technologies in both its development and production environments.