LastPass Confirms Internal Source Code Compromised in Security Breach


LastPass has announced that its development environment was recently compromised in a security breach. The password manager maker detailed in a blog post that hackers had stolen their internal source code and technical documentation.

LastPass is a popular password manager that allows users to store their credentials and personal information in an encrypted vault. It also makes creating secure and unique passwords for their online accounts easier. LastPass secures information and syncs to any mobile device or computer. The password manager has more than 25 million users and 80,000 business customers worldwide.

Karim Toubba, the CEO of LastPass, explained that the security incident took place about two weeks ago. The threat actors used a compromised developer account to gain unauthorized access to their systems. They managed to steal some proprietary source code and technical documentation. The company contained the security breach, deployed mitigations, and contacted cybersecurity experts for a detailed investigation.

LastPass says users’ master passwords or password vaults are still safe

LastPass claims there is no evidence that the security incident breached customer data, master passwords, or encrypted password vaults. At this point, users and IT administrators are not required to take any action to secure their password vaults.

“In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity,” explained Karim Toubba.

It’s great to see that customer data was not compromised as part of the latest security breach. However, the fact that the bad actor managed to access source code and technical information raises concerns. It’s a good idea to reset your LastPass master password and protect the account with multifactor authentication.