Skip to main content
  1. Home
  2. Computing
  3. News

Hackers stole LastPass source code in data breach incident

By

Today, LastPass confirmed a data breach in a blog post describing the incident to its customers that rely on the company’s products for online security. The company emphasized that customer data was not stolen in the breach, however, and that users do not have to do anything to secure their data.

In a post written by CEO Karim Toubba, LastPass stated the following:

Recommended Videos

“Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.”

The breach occurred through a compromised developer’s account, and the unauthorized party made off with portions of the company’s source code and proprietary LastPass technical information.

We recently detected unusual activity within portions of the LastPass development environment and have initiated an investigation and deployed containment measures. We have no evidence that this involved any access to customer data. More info: https://t.co/cV8atRsv6d pic.twitter.com/HtPLvK0uEC

— LastPass (@LastPass) August 25, 2022

Toubba emphasized that user information was safe and that the unauthorized party did not compromise any passwords or access user vaults.

While it’s comforting to know that no data was stolen at this time, the stolen source code and proprietary information could be a significant issue and contribute to later breach attempts. LastPass seems to be aware of this possibility, as Toubba adds later that the company has hired a “leading cybersecurity and forensics firm.”

This is the second data issue LastPass has experienced in the last year. In December, some LastPass users were subjected to a “credential stuffing attack” by hackers attempting to access personal vaults. According to the company, no one’s accounts were compromised in the attack.

LastPass says it will update customers as the company learns more about what happened.

The breach a few weeks ago occurred in the development environment, so no consumer’s passwords were at risk. User passwords are hidden in encrypted vaults that can only be accessed by the user’s master password. LastPass is largely considered one of the best password managers around.

Editors' Recommendations

Topics
Caleb Clark
Caleb Clark
Former Digital Trends Contributor
Caleb Clark is a full-time writer that primarily covers consumer tech and gaming. He also writes frequently on Medium about…
Using LastPass? You need to switch urgently, says security firm
A dark mystery hand typing on a laptop computer at night.

It’s a good idea to use one of the best password managers to keep your logins safe, but now a security company is warning that one of the most popular password managers in the world is not safe to use.

The extraordinary claim comes from Intego, a firm that specializes in Mac security. Intego made its assertion based on a series of security breaches LastPass has suffered in recent months, the way LastPass has responded to those incidents, and the underlying technology LastPass uses to protect customer accounts.

Read more
Hackers just stole LastPass data, but your passwords are safe
A physical lock placed on a keyboard to represent a locked keyboard.

The developers behind password management software LastPass have just shared some concerning news: Bad actors were recently able to access “elements of our customers’ information” in a recent security breach.

It’s the second time in just a couple of months that LastPass has suffered a security incident, and it appears the two events are directly linked. That’s because LastPass’s developers say that the unauthorized party was able to access customer data “using information obtained in the August 2022 incident.”

Read more
LastPass is scaling back its free tier. Find out if you need to pay
LastPass

LastPass currently offers a free tier that lets a single user access its password manager service on all their mobile devices and computers. But that’s about to change.

Starting March 16, the company will limit its free tier to only one device type, either mobile or computer. So if you select to keep the free tier for mobile, you’ll be asked to pay a fee to continue using the service on computers, and vice versa.

Read more