LastPass is a password manager used by over 33 million people worldwide. (Representative)
LastPass, the password manager used by more than 33 million people worldwide, said a hacker recently stole source code and proprietary information after breaking into its systems.
According to a blog post on Thursday, the company does not believe any passwords were taken as part of the breach and that users should not take action to secure their accounts.
An investigation determined that an “unauthorized party” broke into its developer environment, which is the software that employees use to build and maintain LastPass’s product. The company said criminals were able to gain access through a single compromised developer’s account.
We recently detected unusual activity in parts of the LastPass development environment and launched an investigation and deployed containment measures. We have no evidence that this includes access to customer data. more info: https://t.co/cV8atRsv6dpic.twitter.com/HtPLvK0uEC
— LastPass (@LastPass) 25 August 2022
The attack hit a company that generates and stores hard-to-crack, auto-generated passwords for multiple accounts, like Netflix or Gmail, on behalf of its users — without the need to manually enter credentials. LastPass lists Patagonia, Yelp Inc. and State Farm as customers on its website.
Cybersecurity website Bleeping Computer reported that it had asked LastPass about the breach two weeks ago.
Alan Liska, an analyst with the computer security incident response team at cybersecurity company Recorded Future, said he was impressed by the “quick notification” from LastPass.
“While it may take two weeks for some people, it may take some time for incident response teams to fully assess a situation and report it,” he said. “It will take time to fully determine the extent of any damages that may result from this breach. However, for now this does not appear to be client-effective.”
LastPass did not immediately respond to a request for further comment.
There was speculation on social media that hackers may have been able to access the keys to the password vault after stealing source code and proprietary information.
“It is unlikely that the source code of the theft would give criminals access to customer passwords,” Liska said.
(Except for the title, this story has not been edited by NDTV staff and is published from a syndicated feed.)