LastPass, one of the most popular password managers, has confirmed that its source code and blueprints were stolen by an introducer. The documents were reportedly stolen by a cyber-thief.
LastPass Announced that Someone Broke Into One of The Developer’s Accounts
According to the story by The Register, the password manager maker announced that someone was able to break into one of the developer’s accounts. They then used the account in order to gain access to the company’s proprietary data.
LastPass has reportedly been extremely popular in the securities world and despite cyber-thief gaining access to their source code and blueprints, they are still insisting that the passwords of the users were safe. It was also announced that the cyber theft happened two weeks before their announcement.
Service Already has 80K Business Customers and 25 Million Users
The company is based in Massachusetts and is said to have 80K business customers and 25 million users. LastPass CEO Karim Toubba also released an official statement regarding the situation.
As per Toubba, they have been able to determine that an unauthorized party was able to get access to “portions of the LastPass development environment.” It was also noted that they were able to do so by using a single compromised developer account.
No Evidence was Found of Any Access to Customer Data or Encrypted Password Vaults
This resulted in portions of the source code being taken with some proprietary LastPass technical information. Tuobba noted that after an immediate investigation was initiated, they found out that there was no evidence that the incident involved “any access to customer data or encrypted password vaults.”
It was noted that they were able to discover the break-in once the unusual activity was detected within the developer area inside the computer network of LastPass. The software house noted that it had contained the security breach and assured users that this won’t happen again and that they have also contacted other outside infosec experts in order to get help.
LastPass Said Master Passwords Remained Safe
The chief executive noted that his outfit could take more steps in order to improve its network defenses. For those that don’t know, LastPass offers a software vault that keeps username and password pairs to allow users to log into websites.
This does two things; helps users save time when logging in and keeping their passwords safe compared to saving them in a simple file or leaving it out in the open. LastPass stated that the master password has remained safe and has not been compromised by the intruder.
Previous LastPass Compromises
While LastPass insisted that the passwords were safe, there was another blunder back in 2019. During that time, a bug was found on the website that could be exploited to steal passwords for accounts used on other sites.
Another serious password-leaking flaw was also found in its code back in 2017.
This article is owned by Tech Times
Written by Urian B.
ⓒ 2022 TECHTIMES.com All rights reserved. Do not reproduce without permission.