Safety Detectives
$ United States dollar
$ United States dollar Euro£ British poundAED UAE dirhamARS Argentine pesoAU$ Australian dollarBGN Bulgarian levR$ Brazilian realCA$ Canadian dollarCHF Swiss francCLP Chilean pesoCN¥ Chinese yuanCOP Colombian pesoCZK Czech korunaDKK Danish kroneEGP Egyptian poundHK$ Hong Kong dollarHUF Hungarian forintIDR Indonesian rupiah Israeli new shekelINR Indian rupee¥ Japanese yen South Korean wonMX$ Mexican pesoMYR Malaysian ringgitNOK Norwegian kroneNZ$ New Zealand dollarPLN Polish złotyRON Romanian leuRUB Russian rubleSAR Saudi riyalSEK Swedish kronaSGD Singapore dollar฿ Thai bahtTRY Turkish liraNT$ New Taiwan dollarUAH Ukrainian hryvnia Vietnamese DongZAR South African rand

LastPast Shares Updates About Last Year's Security Breach

Tyler Cross
Tyler Cross
Tyler Cross Tyler Cross

The password manager company LastPass has recently provided an update on the recent incident report from last December.

In an email to customers on Wednesday, LastPass announced that it finished an exhaustive investigation and didn’t see any threat actor activity since Oct. 26. The company has posted an update on its blog with new findings and important information.

LastPass revealed that the two incidents were not caused by any LastPass product defect or unauthorized access to production systems. Instead, the threat actor exploited a vulnerability in third-party software.

In the first incident, the hacker gained access to a cloud-based development environment and stole source code, technical information, and certain LastPass internal system secrets.

In the second incident, the threat actor targeted a senior DevOps engineer and used malware to gain access to cloud backups. The data accessed included system configuration data, API secrets, third-party integration secrets, and encrypted and unencrypted LastPass customer data.

LastPass has taken several actions to secure its systems, including removing the development environment and rebuilding a new one, deploying additional security technologies and controls, analyzing cloud-based storage resources and applying additional policies and controls, analyzing and changing existing privileged access controls, and rotating relevant secrets and certificates that were accessed by the threat actor.

To protect its accounts, the company has prepared a Security Bulletin specifically for subscribers to its Free, Premium, and Families plans to help guide them through a review of their accounts’ safety.

LastPass is also recommending that users enable multi-factor authentication, review their account activity for any suspicious activity, and change their master password.

In the email to customers, LastPass said it’s committed to doing right by its customers and communicating more effectively going forward and are taking steps to ensure that all of its customers have the information they need to protect their accounts.

About the Author
Tyler Cross
Tyler Cross
Writer

About the Author

Tyler is a writer at SafetyDetectives with a passion for researching all things tech and cybersecurity. Prior to joining the SafetyDetectives team, he worked with cybersecurity products hands-on for more than five years, including password managers, antiviruses, and VPNs and learned everything about their use cases and function. When he isn't working as a "SafetyDetective", he enjoys studying history, researching investment opportunities, writing novels, and playing Dungeons and Dragons with friends."