LastPass Suffers Security Breach: Hacker Steals Source Code and Proprietary Technical Information

LastPass confirms hacker used compromised developer account to access the firm's environment

LastPass, a password management firm, was reportedly hacked in early August. The hackers were able to steal the company's source code and proprietary technical information.

LastPass Hacked

According to Bleeping Computer, the employees of LastPass tried to contain the attack after the firm was breached.

But on Friday, Aug. 26, LastPass released a security advisory confirming that it was breached through a compromised developer account that hackers used to access the firm's developer environment.

While the firm says there is no evidence that customer data or encrypted password vaults were compromised, the hackers did steal portions of their source code and proprietary LastPass technical information.

LastPass explained that in response to the hacking incident, it has deployed containment and mitigation measures and engaged a leading cybersecurity and forensics firm, according to Forbes.

While the firm's investigation is ongoing, they have achieved a state of containment, implemented enhanced security measures, and no longer see further evidence of unauthorized activity.

LastPass has not provided further details about the hack, how the hackers compromised the developer account, and what source code was stolen.

The firm is known to be one of the largest password management companies in the world, claiming to be used by more than 33 million people and 100,000 businesses.

As consumers and businesses use LastPass's software to store their passwords securely, there are always concerns that if the company is hacked, it could allow hackers to access stored passwords.

However, the firm confirmed that it stores passwords in encrypted vaults that can only be decrypted using a customer's master password, which LastPass says was not compromised in this recent hack.

Previous Hacks

In 2021, LastPass suffered a credential stuffing attack that allowed hackers to confirm a user's master password. It was also revealed that LastPass master passwords were stolen by hackers distributing the RedLine malware.

Because of this incident, it is important to enable multi-factor authentication on LastPass accounts, so that threat actors won't be able to access personal accounts even if the password is compromised.

In 2015, LastPass was targeted by a hacker who accessed its users' email addresses and encrypted master passwords.

Despite the breach, the firm assured its users that its cryptographic protection was enough to protect almost all of its users.

However, those with simple passwords or ones reused from other websites were vulnerable. The firm took additional measures to ensure that its data remains secure, and users will be notified through email.

The additional measures include resetting master passwords and requiring users to verify themselves by email when they log in from a new device, unless they opt to use two-factor authentication.

In 2011, LastPass was also hacked, but the consumer data stored in LastPass' system were strong, and the breach went undetected.

Given the encryption that LastPass offers, a strong master password is always safe from security breaches.

According to Wired, LastPass said that the company can always detect attacks, and they always alert law enforcement and security forensics experts.

The firm also said that it immediately informs its consumers regarding any breaches.

This article is owned by Tech Times

Written by Sophie Webster

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.