The password manager, LastPass recently unveiled that the attackers who breached its security in August 2020 also had access to its network for four days.
As per the latest statements by LastPass, the company suffered from the interference of cyber attackers for four days in august 2022. Luckily, the company was able to detect and remove malicious actors during this period.
With regards to the investigation updates concerning the security breach, the CEO of LastPass, Karim Toubba published a notice, stating, “We have completed the investigation and forensics process in partnership with Mandiant.”
Furtermore, the company also stated, “There is no evidence of any threat actor activity beyond the established timeline. We can also confirm that there is no evidence that this incident involved any access to customer data or encrypted password vaults.”
During the investigation, the company found that the malicious actors got access to the development environment by compromising a developer’s endpoint. After the developer completed its multi-factor authentication, the cyber attackers used their persistent access in imitating the developer and entered the development environment.
However, the company commented that
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article. 
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
Read the original article: