Recently, LastPass, a widely used password manager with over 33 million users, fell victim to a hack where an unauthorized party gained access to the company’s source code and proprietary information by exploiting the developer environment. LastPass has assured users that no passwords were believed to have been compromised in the breach, alleviating the need for additional security measures by its users. The password manager has confirmed that its products and services continue to function normally.
According to a recent blog post by LastPass, unusual activity was detected in specific areas of the LastPass development environment. Despite this, the company maintains that there is no evidence suggesting the compromise involved customer data or encrypted password vaults. The investigation revealed that the unauthorized access occurred through a single compromised developer account, granting the hacker access to portions of source code and proprietary technical details.
LastPass CEO Karim Toubba stated that the company has implemented containment and mitigation measures in response to the incident. Additionally, LastPass has enlisted the services of a leading cybersecurity and forensics firm to address the situation. The password manager has achieved a state of containment and reports no further signs of unauthorized activity at present.
