Hackers Steal LastPass Source Code and Technical Info, Encrypted Vaults Safe

LastPass, a popular password manager for mobile, desktop, and more, had its source code and proprietary technical information stolen by hackers earlier this month — reports BleepingComputer.

The company today released a security advisory confirming the digital break-in. According to LastPass, the point of infiltration was a compromised developer account that gave perpetrators access to the company’s developer environment.

LastPass maintains the hackers were only able to make away with its source code and “proprietary LastPass technical information.” Customer data, master passwords, and user passwords stored within “encrypted vaults” all remain safe.

“In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm,” LastPass explained in the advisory, which was emailed to customers.

“While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.”

You can take a look at the full security advisory below:

LastPass is one of the world’s leading password management platforms, boasting a user base of over 33 million individuals and 100,000 businesses.

The company stores user passwords in encrypted vaults that can only be decrypted using the customer’s personal master password. LastPass assured its users that those weren’t touched in this attack.

This isn’t the first time LastPass has been breached. In fact, a security breach last year that LastPass initially denied altogether even affected master passwords.

LastPass users don’t need to change their master passwords in the wake of this hack (unless they want to be extra careful). However, you should definitely enable multi-factor authentication for your LastPass account — if you haven’t already — to prevent bad actors from accessing your account even if your master password is ever compromised.