LastPass confirms security incident
by Tina Siering
Parts of source code copied at password manager provider LastPass
Password manager provider LastPass has become the victim of a data theft. The company has confirmed the security incident.
On 25/08/2022, LastPass stated in a blog post that unusual activity had been detected in parts of the LastPass development environment dating back two weeks. Unknown persons had gained access via a hacked developer account and stolen parts of the source code, as well as technical information. However, products and services were functioning normally, and the software had not been restricted at any time. Master passwords or personal customer data in safes were reportedly not stolen. It is unclear how the account access took place in detail. There are currently no indications that the attackers are still in the system. The internal investigation of the development environment and the programme are still ongoing, the company said.
Recommendation for LastPass users
According to LastPass, the master password does not need to be changed. But even though the provider has given the all-clear, users should be particularly careful at the moment. It cannot be ruled out that more data may have been leaked. Users are advised to keep a close eye on the sites and services managed with LastPass for anything unusual.