LastPass, a password management provider, was breached two weeks ago, giving threat actors access to the company’s source code and confidential technical data.
After the compromise, LastPass staff rushed to contain the attack. Although LastPass claims there is no evidence that customer data or encrypted password vaults were compromised, the threat actors did steal portions of its source code and “proprietary LastPass technical information.”
More than 33 million people around the world use LastPass.
“Two weeks ago, we detected some unusual activity within portions of the LastPass development environment,” Karim Toubba, LastPass’ CEO, said in a blog post.
“After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.
“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.”
Response to Attack
“In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm,” explains the LastPass advisory.
“While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.”