Breach, DevSecOps

LastPass confirms security breach, denies data compromise

Password management software provider LastPass disclosed that it had its systems compromised for four days last month before attackers have been identified and removed, according to BleepingComputer. Despite the prolonged stay of threat actors in its systems, LastPass noted the absence of any evidence suggesting that customer data or password vaults have been compromised. "Although the threat actor was able to access the Development environment, our system design and controls prevented the threat actor from accessing any customer data or encrypted password vaults," said LastPass CEO Karim Toubba said. Toubba added that there was also no indication of any malicious code injection in the intrusion, which may have been averted by LastPass' strict code validation process. Moreover, LastPass' Production environment was not impacted due to its separation from the Development environment. Both Development and Production environments had been strengthened with more threat intelligence capabilities, while more security controls have also been deployed following the attack, according to LastPass.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.