However, on Wednesday, the company’s CEO, Karim Toubba, advised customers that “an unauthorised party” using information gleaned from the previous attack had subsequently been able to access “certain elements of our customers’ information”.

“This capability is limited to a separate build release team and can only happen after the completion of rigorous code review, testing, and validation processes.” “Developers do not have the ability to push source code from the development environment into production,” the company said at the time.

The company also conducted an analysis of its source code and production builds to verify there were no attempts to inject malicious code. LastPass said that its production environment was physically separate to the development environment and not directly connected. Some customer data was accessed, but LastPass said passwords remained safe due to its encrypted architecture.

After an investigation, the company said that, while the threat actor had been able to access the company’s development environment, the system had prevented access to customer data or encrypted passwords.

At the time, LastPass said the attacker had taken portions of source code and some proprietary LastPass technical information, but believed the risk to the app was limited.

The company reported a security incident in August 2022, saying an unauthorized party gained access to a third-party cloud-based storage service that LastPass uses to store archived backups.