Threat Actor: Hackers | hackers
Victim: LastPass | LastPass
Price: Not specified
Exfiltrated Data Type: Software source code and proprietary technical documentation
Additional Information:
- LastPass disclosed a security breach in which hackers gained access to portions of the LastPass development environment.
- The breach was initiated through a single compromised developer account and resulted in the theft of fragments of software source code and proprietary technical documentation.
- No evidence suggests that the hackers accessed the database server where user data is stored, ensuring the safety of user data and encrypted password vaults.
- LastPass reassured users that there is minimal potential impact from the stolen source code and technical documentation.
- No immediate action is required from LastPass users, but further details will be provided through an official announcement after a detailed investigation.
- LastPass has implemented containment and mitigation measures to enhance security and has engaged external cybersecurity and forensics experts to assist with the investigation.
- All LastPass products and services continue to operate normally, and no changes to passwords or data transfer are necessary.
LastPass, a well-known password manager, disclosed the security problems encountered by the company in the latest blog. It is suspected that hackers invaded the intranet after stealing accounts through phishing. The good news is that there is currently no evidence that hackers have access to the database server where user data is stored, and that user data and encrypted password vaults are still safe.
LastPass said some fragments of its software source code and some proprietary technical documentation were stolen, with minimal potential impact. LastPass users do not need to worry about security issues or transfer data and change passwords at present, but the details still need to wait for the official announcement of a detailed investigation.
LastPass writes: “We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.“
The investigation revealed that only part of the source code and part of some proprietary technical documents were stolen, and all LastPass products and services were in normal operation. In response to the incident, LastPass deployed containment and mitigation measures to improve security while engaging external cybersecurity and forensics experts to help investigate the incident.
According to the existing investigation, the data of all users are not affected, the user’s personal information and encrypted password database have not been leaked, and no password change measures are required.
Original Source: https://securityonline.info/hackers-attacks-lastpass-and-steals-source-code/