LastPass Data Breach: Source code stolen

LastPass is a password manager that allows you to store all of your passwords in one place, so you don’t have to remember them. It also helps you create unique passwords that are very hard to guess and keep them secure.

It’s a great way to protect yourself from hackers and phishing schemes, as well as keep track of all your information without having to write it down or carry around your phone all day long.

LastPass Data Breach Incident: LastPass explained that a major data breach incident occurred several weeks ago when an unknown hacker gained access to its systems through a compromised developer account and alerted the password management company about an unusual activity.

While customer data and passwords remain intact despite the hack, LastPass said the hacker was able to steal source code and other proprietary data because the compromised account had access to the LastPass development environment.

The company said: “We discovered that an unauthorised party gained access to parts of the LastPass development environment through a single compromised developer account and took parts of the source code and some proprietary LastPass technical information.”

A CISO from a cyber security company, explained how source code theft can be harmful in the future. He said: “Bad actors will want source code for the same reason bank robbers will want bank floor plans to help the malicious actor identify its weak points and ways of gaining entry.”

LastPass Data Breach: Was Customer’s Data Affected?

On Thu, 15-Sep2022, LassPass provided additional explanation on the recent cyber attack and reassured that the breach was only limited to their development environment where no customer data is stored and that this environment is physically separate from the production environment.

“LastPass does not have any access to the master passwords of our customers’ vaults – without the master password, it is not possible for anyone other than the owner of a vault to decrypt vault data as part of our Zero Knowledge security model,” the company also stated.

After investigation it was observed that a developer’s endpoint device was compromised which led to the attack. While it is not entirely clear how this device was compromised, LastPass provided the following explanation: “While the method used for the initial endpoint compromise is inconclusive, the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication”.

LastPass also performed an analysis of their code to ensure that no code-poisoning or malicious code injection had taken place.

Conclusion:

The LastPass data breach and Uber’s Internal Networks Breach shows the importance of securing endpoint devices. This shows that even though a Product is secure and follows all the required cyber security practices, it is extremely important for the Organization, as a whole, to follow cybersecurity best practices. Conducting regular internal security audits can help prevent cyber attacks to a large extent as such Audits identify gaps that are not implemented or followed in the Organization.

Regular internal and external security audits are important in order to identify any gaps in the security of an organization. Auditing third-parties is also extremely important as these partners may not follow the same security practices as the company itself. Not identifying risks or security issues with third-parties and developers can have an adverse impact on a company’s security posture, as seen with LastPass in this cyber security incident.

By identifying and remediating security gaps, organizations can prevent a large number of cyber attacks. Conducting regular security audits is time-consuming and difficult, but Auditor can make the task easier. Auditor is a SaaS Auditing Platform developed by Neumetric that helps you perform security audits and gap analysis according to most popular cyber security standards such as ISO 27001 and PCI DSS. Auditor ensures your compliance with these standards by providing you with real-time reports on your organization’s vulnerability status.