- LastPass said that no user data was compromised, but sensitive information was accessed.
- The company worked closely with security experts from Mandiant to investigate the breach.
- The attacker pretended to be a LastPass developer and used multi-factor authentication to prove his or her identity.
Last month, LastPass said that someone who shouldn’t have been in the system was able to get in and had access to sensitive information for about four days.
The CEO of LastPass said that the company worked closely with security experts from Mandiant, and the investigation showed that no user data had been compromised.
However, the attacker was able to access both the password manager’s source code and technical information.
Access was restricted to the development environment of the service, which has nothing to do with user data.
In addition, LastPass does not have access to the master passwords of its users, which are required to decrypt the data.
The investigation shows that the attacker used a developer’s endpoint and pretended to be the developer after using multi-factor authentication to prove his or her identity.
[embedpost slug=”/apple-iphone-14-supports-8-esims-and-dual-active-esims/”]
