The world’s biggest password manager, LastPass, with over 25 million users confirms a security breach that took place two weeks ago. The breach took portions of source code and some proprietary technical information. LastPass’s CEO, Karim Toubba, wrote in a letter to customers confirming the security breach at LastPass; “We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.”
Security Breach at LastPass: Customer Data was not Compromised
LastPass explained that the security breach at LastPass occurred through a compromised developer’s account, however, the company has seen no evidence of customer data or encrypted password vaults being compromised. Karim Toubba, said; “Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.”
LastPass allows its users to store their passwords in a vault that can be unlocked with a singular master password. The CEO confirmed that the security breach did not compromise users’ master passwords. He further added that no action is required by users in regard to their password vaults.
Not the First Time
In 2015, LastPass confirmed that the hackers had accessed their network and the users were advised to change their master password. The company said; “Encrypted user vaults were not compromised, so no data stored in your vault is at risk (including form fill profiles, secure notes, site usernames, and passwords). However, if you used your master password for any other website, we do advise changing it – on LastPass as well as on the other websites.”
Also read: DoorDash’s Personal Customer Data Gets Compromised by Hackers
