Security News > 2022 > September > LastPass source code breach – incident response report released
The big story from last month was the LastPass breach, in which an attacker apparently got access to just one part of the LastPass network, but was able to make off with the company's proprietary source code.
LastPass has now published an official follow-up report on the incident, based on what it has been able to figure out about the attack and the attackers in the aftermath of the intrusion.
We think that the LastPass article is worth reading even if you aren't a LastPass user, because we think it's a reminder that a good incident response report is as useful for what it admits you were unable to figure out as for what you were.
As we noted in a recent article about the risks of timestamp ambiguity in system logs, being able to determine the precise order in which events occurred during an attack is a vital part of incident reponse: LastPass keeps its development and production networks physically separate.
Although source code was stolen, no unauthorised code changes were left behind by the attacker.
This makes it believable for LastPass to claim that no modified or poisoned source code would have reached customers or the rest of the business, even if the attacker had managed to implant rogue code in the version control system.