LastPass, one of the world’s most utilised password manager platforms, revealed that it had been victimised by hackers who stole some portions of its internal source code and corporate technical files. In an advisory published by the firm, they explained that the hacker had accessed a developer’s account, allowing them to collect proprietary data.
Furthermore, the company stated in the released advisory that only a single developer account was compromised in the attack. Their customers were also assured that their products and services operate normally after an immediate response to the incident.
After detecting unusual activity in their computer network, LastPass’s security team immediately contained the compromised development area. The password manager firm also applied appropriate measures to avoid similar issues in the future.
Third-party security teams were also contacted to aid the password manager platform in investigating the data breach incident. The investigation then verified that the customer data was safe from the intrusion and the hackers had only accessed the compromised development environment.
The password manager platform also intends to upgrade its network defences to ensure safety against cyberattacks.
Due to the data breach incident on LastPass, several clients became worried about utilising the platform to store and manage their passwords. However, the firm confirmed that the master passwords and all vault contents have neither been accessed nor stolen by the hackers.
The software vault in LastPass stores usernames and passwords, helping users login to their applications or social media accounts without hassle. As explained by the company, the vault has maximum security engineered to ensure the safety of all user credentials.
Moreover, the master passwords for the vault are not kept by the password manager platform since users are responsible for remembering them. Thus, all encrypted user passwords remain safe from any malicious intrusions.
No other information about the stolen corporate files and source code has been shared. Cybersecurity researchers would continue to probe the situation and update affected users once new details were disclosed.
