Back in August 2022, popular password manager company LastPass admitted to a data breach.
The company, which is owned by sofware-as-a-service business GoTo, which used to be LogMeIn, published a very brief but nevertheless useful report about that incident about a month later:
Briefly put, LastPass concluded that the attackers managed to implant malware on a developer’s computer.