Unauthorized access to the password management service’s development environment was reported.
The “LastPass Hacked” Incident
LastPass confirmed that its source code was taken in a data incident and was hacked.
LastPass CEO Karim Toubba discovered the hack after seeing unusual activity two weeks ago. A hacked developer account allowed unauthorized access to the environment. This third party took “LastPass technical material” and “source code.”
LastPass has taken precautions while investigating the issue, including “reaching a state of containment” and “implementing extra improved protection.” No indication of illegal access to the developer environment has been identified.
The company stated it was studying mitigation strategies to avoid future attacks and has “commissioned a prominent cybersecurity and forensics firm” to investigate however.
LastPass said no passwords, master passwords, or personal data were compromised.
LastPass explained in a FAQ section that user vault data, personal information, and master passwords weren’t hacked.
The business doesn’t recommend customers reset master passwords right now. Moreover, LastPass users should use multi-factor authentication for maximum security. Furthermore, we wouldn’t blame you for changing your master password.
Has your LastPass Password information is breached?
Users of LastPass will worry that a hacker could have their passwords, which are the keys to their online kingdoms. But LastPass has made it clear that master passwords are never stored. This is because of the “zero knowledge” architecture that is used. “LastPass will never know or have access to our customers’ master passwords,” Toubba said. “Your master password was not compromised by this incident.” So, LastPass says that users don’t need to do anything with their password cellars.