World's most popular password manager LastPass was hacked; users' passwords safe

By Aditi T  |  First Published Aug 26, 2022, 11:01 AM IST

An "unauthorised party" gained access to the company's developer environment, which is the software used by employees to create and maintain the LastPass product, as per the investigation. 


LastPass, a password manager used by nearly 33 million people worldwide, confirmed that a hacker recently broke into its networks and stole sensitive data and source code.

In a blog post on Thursday, the company said it doesn't believe any passwords were obtained as part of the breach and that users shouldn't need to take action to secure their accounts.

We recently detected unusual activity within portions of the LastPass development environment and have initiated an investigation and deployed containment measures. We have no evidence that this involved any access to customer data. More info: https://t.co/cV8atRsv6d pic.twitter.com/HtPLvK0uEC

— LastPass (@LastPass)



According to the investigation, the software used by employees to develop and maintain the LastPass product was accessed by an "unauthorised party." According to the company, the perpetrators were able to enter the system using a single compromised developer account.

The attack targeted a company that generates and stores difficult-to-crack, auto-generated passwords for multiple accounts, such as Netflix or Gmail, on behalf of its users, eliminating the need for users to enter credentials manually. LastPass lists Patagonia, Yelp Inc., and State Farm as customers on its website.

Bleeping Computer, a cybersecurity website, reported that it had contacted LastPass about the breach two weeks ago.

Allan Liska, an analyst on the Computer Security Incident Response Team at cybersecurity firm Recorded Future, was impressed with LastPass's "quick notification."

"While two weeks may seem like a long time to some, incident response teams can take a while to assess and report on a situation fully," he explained. "Determining how much harm the leak may have caused will take some time. It does not, however, seem to affect the client."

LastPass did not respond immediately to a request for additional comment.

After the theft of source code and proprietary information, there was speculation on social media that hackers may be able to access the keys to password vaults.

Liska said that the stolen source code is unlikely to give criminals access to customer passwords.
