LastPass has provided more information on the security incident that was discovered earlier this year, and in an update published this week, the company says that it was managed to confirm that hackers accessed its systems for just 4 days.
The whole thing happened in August 2022, LastPass says, and once again, it hasn’t found any evidence that the malicious actors accessed any customer data or encrypted password vaults.
By the looks of things, the breach was possible after the hackers managed to compromise the system of a developer.
“Our investigation determined that the threat actor gained access to the Development environment using a developer’s compromised endpoint. While the method used for the initial endpoint compromise is inconclusive, the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication,” LastPass
Read the original article: