Password management provider LastPass suffered a breach two weeks ago that gave hackers access to the company’s source code and confidential technical data. After receiving inquiries about the intrusion, LastPass issued a security advisory today revealing that hackers had gained access to the company’s developer environment using a compromised developer account.
LastPass Breach
Although the hackers did obtain some of LastPass’s source code and “proprietary LastPass technical information,” the company claims there is no evidence that user data or encrypted password vaults were stolen. The LastPass statement reads:
“In response to the incident, we have deployed containment and mitigation measures and engaged a leading cybersecurity and forensics firm.”
LastPass has not offered any additional information about the attack, how the hackers got access to the developer account, or what source code was taken.
Below you can read the security warning sent to LastPass users.
LastPass, one of the biggest password management companies in the world, claims that over 33 million users and 100,000 businesses use its services. Because customers and companies rely on the company’s software to store their credentials safely, there are always worries that if the company were hacked, the hackers would gain access to the saved passwords.
But according to LastPass, its “encrypted vaults”—where passwords are kept—can only be opened with a user’s master password, which the company claims was unaffected by the incident.
Last year, LastPass experienced a credential incident that gave hackers access to a user’s master password. It was also discovered that hackers distributing the password-stealing software RedLine had obtained LastPass master passwords.
Enabling multi-factor authentication on your LastPass accounts is crucial to prevent hackers from accessing your account even if your password is compromised.