Sunday, September 25, 2022
Home Tech News LastPass confirms attackers stole some source code

LastPass confirms attackers stole some source code

Earlier this week, LastPass started notifying its users of a “recent security incident” where an “unauthorized party” used a compromised developer account to access parts of its password manager’s source code and “some proprietary LastPass technical information.” In a letter to its users, the company’s CEO Karim Toubba explains that its investigation hasn’t turned up evidence that any user data or encrypted passwords were accessed.

Toubba continues on to explain that the company has “implemented additional enhanced security measures” after containing the breach, which it detected two weeks ago. The company wouldn’t comment on how long the breach had been going on before it was detected.

As LastPass explains, at this point its users don’t have to do anything — there’s no reason for you to spend an afternoon changing your master password and doing a full security audit. LastPass, on the other hand, probably has its work cut out for it making sure that it doesn’t have to make any changes now that an unauthorized party may have access to its source code.

To be clear, hackers having access to a program’s source code doesn’t immediately mean they can instantly pwn it, breaking through its defenses. Famously, Microsoft says it doesn’t rely on its source code remaining private for security and says that people being able to read it shouldn’t be a risk (which is a good thing because its source code leaks a lot). And while that should be the case for any company, especially ones whose entire deal is keeping your passwords safe, I’d probably want the company to be poring over its code just to make sure there aren’t any subtle vulnerabilities that it missed if I were a LastPass customer.

Despite the fact that the breach doesn’t seem to be a red alert for security problems at the company, it’s still not a great look for a password manager that’s been struggling with its reputation. It’s just the latest in a line of incidents for LastPass (the software’s Wikipedia page is largely comprised of a section titled “security issues”), and the company also earned the ire of many users for changing its free tier to be significantly less useful in early 2021.

- Advertisment -

Most Popular

‘We saw what happened in Ontario’: Quebecers urged to vote in provincial election

MONTREAL — An incumbent premier and his party sail through an election campaign as a fragmented opposition vies to capture the attention of voters...

Acer Predator Triton 500 SE review: I expected more

/ The Triton 500 SE is an expensive gaming laptop that doesn’t flex its hardware enoughThe Acer Predator Triton 500 SE offers high-end...

Weekly poll results: Motorola Edge 30 series shows a lot of promise

Last week’s poll shows that Motorola is on the right path – the Edge 30 trio received a mostly warm welcome, with people showing...

BTS and SoftBank’s BBIX Partner to Accelerate Global CPaaS and Roaming Innovation

The partnership will accelerate the deployment of international peering services that support innovation in CPaaS and open connectivity models Business Telecommunications Services (BTS), a global...