LastPass reveals details of August hack that gave threat actor access to its development environment for four days

Last month, LastPass suffered a cyberattack and the company shared some details about what had happened shortly afterwards. Now, having conducted further investigations, more information has been revealed including the fact that the attacker had access to the LastPass development environment for four days. The company concedes that it is not clear how the attacker was able to gain access but says: 'the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication'. LastPass has also revealed the impact of the four-day security incident in the name of providing 'transparency and peace-of-mind to… [Continue Reading]