Cybercriminals who got into LastPass's networks took parts of its source code. LastPass claims that although hackers broke into its computers and took some of its source code, no client credentials were exposed.
In a message to customers on Thursday, the well-known password manager claims it began looking into the matter roughly two weeks ago after seeing some “strange activity” in specific areas of its developer environment.
It was later discovered that someone had gained unauthorized access to that environment via a compromised developer account and had taken some of its source code and other confidential technical information.
After launching an immediate investigation, LastPass CEO Karim Toubba stated in the customer alert, “We have seen no evidence that this incident involved any access to user data or encrypted password vaults.”
LastPass claims it has taken steps to contain and end the compromise and has hired an outside cybersecurity firm to look into it. The business claims that, although its investigation is ongoing, it has not discovered any new indications of intrusion.
Password managers, available as both free and paid programs, encrypt and store all of a user’s login information and automatically fill it in on the correct websites and apps when a master password, PIN, or biometric factor is entered.
As part of their security procedures, LastPass and many other password managers don’t store, have access to, or know their customers’ master passwords, which helps to secure user information in the event that the firm experiences a security breach.
Security professionals strongly recommend password managers because they significantly reduce the likelihood that users will create poor passwords or use the same password for many accounts.