A cyber security breach that unfolded at LastPass – the provider of password management services – appears to have affected only the firm’s developer environment and, according to community experts, who praised the firm for its quick and transparent response to the incident, is unlikely to rebound on users.
The breach was disclosed by LastPass on August 25, before the bank holiday weekend, but was first detected a fortnight ago, CEO Karim Toubba said, when it saw “some unusual activity within some parts of the LastPass development environment”.
Toubba said: “After initiating an immediate investigation, we have not seen any evidence that this incident involved any access to customer data or encrypted password vaults.
“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of the source code and some proprietary LastPass technical information. Our products and services are working normally,” he said.
LastPass has deployed control and mitigation measures, engaged forensic investigators, and implemented additional advanced security measures.
Toubba said there was no other evidence of malicious activity, and importantly, he added, the incident did not compromise any customer master passwords, which are protected by its “zero-knowledge” architecture. Nor does it appear that any data contained within its customers’ encrypted “vaults” has been accessed.
“At this time, we do not recommend any action on the part of our users or administrators. As always, we recommend that you follow our best practices for setup and configuration of LastPass, which may be available here,” said Toubba.
KnowBe4’s chief security awareness advocate, Javvad Malik, was among many observers to highlight LastPass’s clear and quick disclosure as a positive.
“LastPass did a good job of detecting the intrusion in their dev environment, where most companies would have probably missed it, and it’s admirable that they clearly communicated the incident to their customers,” he said.
Malik said that keeping the lines of communication open and setting appropriate expectations for users was a good foundation for maintaining the customer trust that companies like LastPass have built. If customers lose trust, negative PR can be more damaging than the actual breach, he said.
Nor should this incident serve to undermine users’ confidence in password management services in general. “[They are] the best way to manage and audit certificate usage,” said Chris Morgan, senior cyber threat intelligence analyst at Digital Shadows.
Nevertheless, the incident may well cause some concern for users of the service, especially as cyber security experts recommend using a password manager, so there are steps that LastPass users can take for peace of mind.
“This breach provides an opportunity to assess your security posture if the scope of the breach expands, or if other breaches occur in the future. This is true regardless of whether you specifically use LastPass or not,” said Melissa Bishoping, director of endpoint security research at Tanium.
“This could mean actively rotating passwords, temporarily switching to another password manager or password management service. Use multi-factor authentication not only for your bank accounts and social media, but especially for your LastPass or other password management solutions.
“Many providers, including LastPass, are offering and migrating to passwordless login, which uses more advanced security technologies such as FIDO2 security keys. This reduces friction for end-users and increases overall account security,” she added.
Still, the theft of source code and some other proprietary company data is a cause for concern because this information could be very useful to a threat actor and could lead to future compromises of LastPass itself or its downstream customers.
Deep Instinct’s Justin Vaughan-Brown, vice-president of market insights, described source code theft as a scary prospect. “Source code is part of a company’s intellectual property, and therefore holds enormous value to cybercriminals,” he said.
“Threat actors who gain access to source code may be able to find security vulnerabilities in the organization’s products. This means that cybercriminals are then able to exploit vulnerabilities within the network, unknown to the organization. Security incidents like this show organizations that it’s more important than ever to start preventing cyber attacks,” said Vaughan-Brown.