A developing cyber security breach at LastPass – a provider of credential management services – appears to have affected only the company’s development environment and is unlikely to affect users, according to community insiders, who praised the company for its quick and transparent response to the incident.
The breach was disclosed by LastPass on Aug 25, before the bank holiday weekend, but it was first spotted a fortnight earlier, CEO Karim Toubba said, when he noticed “some unusual activity within parts of the LastPass development environment.”
Toubba said: “After launching an immediate investigation, we have seen no evidence that this incident involves any access to customer data or encrypted password vaults.
“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of LastPass source code and certain proprietary technical information. Our products and services are operating normally,” he said.
LastPass has implemented containment and mitigation measures and has engaged forensic investigators, in addition to implementing additional enhanced security measures.
Toubba said there was no other evidence of malicious activity and, crucially, he added, the incident did not compromise any customer master passwords, which are protected behind a “zero knowledge architecture”. Nor does it appear that any data contained in its clients’ encrypted “vaults” has been accessed.
“At this time, we do not recommend any action on behalf of our users or administrators. As always, we recommend that you follow our best practices for installing and configuring LastPass, which can be found here,” Toubba said.
KnowBe4 lead security awareness advocate Javvad Malik was one of many observers who singled out LastPass’s clear and swift outreach as a positive.
“LastPass did well to detect the intrusion in their development environment, where most organizations would likely have missed it, and it is commendable that they clearly communicated the incident to their customers,” he said.
Malik said that keeping the lines of communication open and setting appropriate expectations for users was a good foundation for maintaining the customer trust that companies like LastPass are built on. If clients lose trust, he said, negative public relations could be more damaging than the actual breach.
Nor should the incident diminish users’ confidence in password management services in general. “[They] remain the best way to manage and audit credential usage,” said Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows.
Still, it’s possible, indeed likely, that the incident causes some concern among users of the service, particularly as cybersecurity experts tend to recommend the use of password managers, so there are some actions LastPass users can take for their peace of mind.
“This breach offers an opportunity to assess your security posture if the scope of the breach expands or if other breaches occur in the future. This is true regardless of whether you use LastPass specifically or not,” said Melissa Bischoping, director of endpoint security research at Tanium.
“This may mean proactive password rotation, temporarily switching to another password manager or password management service. Use multi-factor authentication not only for your bank and social media accounts, but especially for your LastPass or other password management solution.
“Many providers, including LastPass, are offering and migrating to passwordless logins that use more advanced security technologies, such as FIDO2 security keys. This reduces friction for end users and increases overall account security,” she added.
However, the theft of source code and some other company data is a cause for concern because this information could be very useful to a threat actor and could lead to a future compromise of either LastPass or its downstream customers.
Deep Instinct vice president of market insights Justin Vaughan-Brown described source code theft as a terrifying prospect. “The source code is part of a company’s intellectual property and is therefore of enormous value to cybercriminals,” he said.
“Threat actors who gain access to source code can find security vulnerabilities within the organization’s product. This means that cybercriminals can exploit weaknesses within the network, which are unknown to the organization. Security incidents like this show organizations that it is more important than ever to start preventing cyberattacks,” said Vaughan-Brown.