LastPass password manager confirms hackers had four days of internal access to company systems

LastPass, a password management service, has confirmed that hackers can gain internal access to their computer systems for four days. When the pirates were detected on the fourth day, they were immediately expelled.

What are the purposes of password managers

Password managers are safes that store a user’s password to improve security and make accessing user accounts much more convenient. LastPass is a popular password management service that stores user passwords.

Recently, however, a department of LastPass was found to be compromised and hackers were able to access it for four days. The company’s CEO, however, made a distinction regarding the particular department the hackers were able to access.

LastPass has confirmed that hackers can get four days of internal access

According to the story of beeping computer, in the recent security incident notification update that was released, Karim Toubba, the CEO of LastPass, made a statement. According to the CEO, the company’s investigation revealed that there was no evidence that hackers were able to access customer data or encrypted password vaults.

The Last pass The CEO said the hackers, although they were able to gain access to the development environment, their system design as well as controls were able to protect encrypted password vaults and protect customer data.

Analysis found that hackers were unable to inject malicious code

Although the attacker’s method was still able to gain the developer endpoint’s access to the LastPass dev environment, investigation revealed that spoofing was being used to gain access to the LastPass dev environment. ‘access. The hackers allegedly attempted to impersonate the developer and were able to authenticate using multi-factor authentication.

After analyzing the source code and production versions, the company was unable to find evidence of any malicious code the hacker attempted to inject. According to the Bleeping Computer article, this is likely due to the Build Research team’s abilities to push code from development to production.

LastPass CEO guarantees that the development environment is physically separated from the development environment

Toubba said the whole process always includes code review, testing and validation through all three stages. The CEO also added that the Last pass The development environment “is physically separate from the LastPass production environment and has no direct connectivity with it.”

After the incident, the company decided to roll out various enhanced security controls, including the addition of endpoint security controls as well as monitoring. LastPass has also added more threat intelligence capabilities and even improved the detection and prevention technologies used.

Read also : Uber security update: secure user data, “no evidence” of access to all operational features

LastPass claims to have over 33 million users

The new update comes after LastPass users were notified on August 15 that the company was able to detect unusual activity in the development environment. The password manager claims to have 33 million people and 100,000 businesses using its service.

Related article: Millions of Microsoft users warned of urgent security vulnerability: CVE-2022-37696 vulnerability has been fixed

This article belongs to Tech Times

Written by Urian B.

ⓒ 2022 All rights reserved. Do not reproduce without permission.