LastPass source code breach – incident response report released – Bare Safety


If the big story of this month looks set to be Uber’s data breach, where a hacker was allegedly able to roam widely through the ride-sharing company’s network…

…the big story from last month was the LastPass breach, in which an attacker apparently got access to just one part of the LastPass network, but was able to make off with the company’s proprietary source code.

Luckily for Uber, their attacker seemed determined to make a big, quick PR splash by grabbing screenshots, spreading them liberally online, and taunting the company with shouty messages such as UBER HAS BEEN HACKED, right in its own Slack and bug bounty boards.

The attacker or attackers at LastPass, however, seem to have operated more stealthily, apparently tricking a LastPass developer into installing malware that the cybercriminals then used to hitch a ride into the company’s source code repository.

LastPass has now published an official follow-up report on the incident, based on what it has been able to figure out about the attack and the attackers in the aftermath of the intrusion.

We think that the LastPass article is worth reading even if you aren’t a LastPass user, because we think it’s a reminder that a good incident response report is as useful for what it admits you were unable to figure out as for what you were.