LastPass Confirms Hacker Couldn’t View Customer Data
Password manager LastPass provides more information about the hack it fell victim to in August. The perpetrator had access to the company’s internal kitchen for four days but not to customer data.
“There is no evidence of dangerous activity after that period. We can also confirm that there is no evidence that customer data or encrypted password vaults were accessed in this incident.” According to the company.
LastPass has been investigating its processes and the breach in recent weeks, including together with security guard Mandiant. In a new blog post, the company explains that the perpetrator gained access to the developer environment and had a two-step verification approved.
Lots more details except that it ran through a compromised endpoint (presumably a laptop or phone). The company does emphasize that this developer environment is both physically and digitally separated from the production environment and that the first does not contain any real customer data.