LastPass reports a breach
LastPass – one of the world’s leading password managers – reported a breach that resulted in the service’s source code and technical data being stolen.
According to LastPass, a few weeks ago they noticed unusual activity in their development environment. After launching an investigation, the service found that an unauthorized party had indeed gained access to certain portions of LastPass’s technical side through a compromised employee account. The breach resulted in certain portions of the LastPass source code, and certain proprietary technical information being stolen.
LastPass, however, insists, that none of the users’ credentials, login information, passwords, master passwords, encrypted drives, or the information they contain got stolen or are in any kind of danger. All of the provider’s services are operating as normal, and there is no need for the user to be changing their passwords or login credentials.
Currently, LastPass is conducting a thorough investigation into the breach, employing the help of an unnamed “leading cybersecurity and forensics firm“. In the meantime, company representatives assure the customers that they were able to contain the incident, and have implemented additional security measures to protect the service.
According to Bloomberg, LastPass has over 33 million users worldwide. Cybersecurity portal Bleeping Computer reports that over 100,000 of LastPass’s clients are companies and enterprises.
Depending on what kind of source code was stolen in the breach, malicious attackers could potentially reverse-engineer the algorithms that go into the service’s automatic password generation and gain further access to user accounts.