A security incident compromised some of source code and technical information.
The threat actor’s activity was limited to a four-day period in August 2022 and there is no evidence of any threat actor activity beyond the established timeline.
There is no evidence that this incident involved any access to customer data or encrypted password vaults.
The threat actor gained access to the Development environment using a developer’s compromised endpoint after the developer had successfully authenticated using multi-factor authentication.
TPRM report: https://scoringcyber.rankiteo.com/company/lastpass
"id": "las220261022",
"linkid": "lastpass",
"type": "Cyber Attack",
"date": "08/2022",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"{'affected_entities': [{'type': 'Organization'}],
'attack_vector': 'Compromised Endpoint',
'data_breach': {'type_of_data_compromised': ['Source Code',
'Technical Information']},
'description': 'A security incident compromised some of the source code and '
'technical information. The threat actor’s activity was '
'limited to a four-day period in August 2022 and there is no '
'evidence of any threat actor activity beyond the established '
'timeline. There is no evidence that this incident involved '
'any access to customer data or encrypted password vaults. The '
'threat actor gained access to the Development environment '
'using a developer’s compromised endpoint after the developer '
'had successfully authenticated using multi-factor '
'authentication.',
'impact': {'data_compromised': ['Source Code', 'Technical Information'],
'systems_affected': ['Development Environment']},
'initial_access_broker': {'entry_point': 'Compromised Endpoint'},
'title': 'Source Code and Technical Information Breach',
'type': 'Data Breach'}