LastPass source code breach – incident response report released – Bare Safety


If the big story of this month looks set to be Uber’s data breach, where a hacker was allegedly able to roam widely through the ride-sharing company’s network…

…the big story from last month was the LastPass breach, in which an attacker apparently got access to just one part of the LastPass network, but was able to make off with the company’s proprietary source code.

Fortunately for Uber, their attacker seemed determined to make a big, quick PR splash by grabbing screenshots, spreading them liberally online, and taunting the company with shouty messages such as UBER HAS BEEN HACKED, right in its own Slack and bug bounty boards.

The attacker or attackers at LastPass, however, seem to have operated more stealthily, apparently tricking a LastPass developer into installing malware that the cybercriminals then used to hitch a ride into the company’s source code repository.

LastPass has now published an official follow-up report on the incident, based on what it has been able to figure out about the attack and the attackers in the aftermath of the intrusion.

We think that the LastPass article is worth reading even if you aren’t a LastPass user, because we think it’s a reminder that a good incident response report is as useful for what it admits you were unable to figure out as for what you were.