@zackwhittaker Totally plausible. Developers LOVE storing passwords, key, access tokens, etc in source code. It’s a constant battle to keep that type of stuff out of source code.

I’m curious what type of customer data was in this shared could storage. They offer combo plans (LastPass + LogMeIn), so could be some account/billing/etc data used to operate that offer.

It’s worth noting that many organizations are very lax in securing/monitoring their development environments. So while it’s good they detected this stuff, they have to know that their dev system are the primary target. I.e. LastPass doesn’t have the keys to access customer passwords… unless a backdoor gets introduced into their source code…