LastPass, a password manager used by more than 33 million people worldwide, said a hacker recently stole source code and proprietary information after breaking into its systems. Reportedly, the company doesn’t think any passwords were taken as part of the breach and users shouldn’t need to take any action to secure their accounts.
“Unauthorised party” gained access to LastPass’s developer environment; reveals investigation
An investigation determined that an “unauthorized party” cracked into its developer environment, which is the software that employees use to build and maintain LastPass’s product. Moreover, the company said the perpetrators could gain access through a single compromised developer’s account.
As per Bloomberg, the organization that was attacked is one that automatically creates and maintains complex passwords for a variety of user accounts. It includes Netflix and Gmail. It is done so that customers don’t have to enter their login information manually. Also, on its website, LastPass cites Patagonia, Yelp Inc., and State Farm as clients.
“It is unlikely that the stolen source code will give the criminals access to customer passwords.”
Cybersecurity website Bleeping Computer reported that it had asked LastPass about the breach two weeks ago. Allan Liska, an analyst on the Computer Security Incident Response Team at cybersecurity company Recorded Future, said he was impressed with the “speedy notification” from LastPass.
“While two weeks might seem like a long time to some, it can take a while for incident response teams to fully assess and report on a situation,” he said. “It will take time to fully determine the extent of any damage that may have been as a result of the breach. However, for now, it appears to not be client-impacting.”
On social media, there was suspicion that after stealing source code and confidential material, hackers might be able to get their hands on the passwords to password vaults. “It is unlikely that the stolen source code will give the criminals access to customer passwords,” Liska said.