Monday, September 26, 2022
Home Tech News LastPass hacked, source code stolen

LastPass hacked, source code stolen

LastPass, a major password management provider, has acknowledged some of its source code was recently stolen after one of its developer accounts was hacked.

Some proprietary information was also stolen, the company said Thursday. “After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults,” it added.

The Bleeping Computer news service said the statement came after it asked the company for comment on Sunday, when insiders tipped it off.

“Two weeks ago we detected some unusual activity within portions of the LastPass development environment,” the Boston-based company said in its statement.

“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally. 

“In response to the incident, we have deployed containment and mitigation measures and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity. “

It hasn’t explained how the staffer’s account was compromised.

In an FAQ accompanying Thursday’s statement, the company said the incident didn’t compromise customers’ master passwords or their data vaults. At this time, LastPass said, neither users nor administrators have to take any action to secure their accounts.

The company says it has 100,000 business customers, as well as individual users. Combined it counts 33 million registered users, with “the significant majority” represented by corporate customers.

LastPass is in the process of being spun off by its parent company, GoTo (formerly LogMein). In April, LastPass named Karim Toubba as its new CEO. In May it added a chief secure technology officer.

It’s the second major cyber incident to have hit LastPass in the last eight months. In December, Bleeping Computer reported that some LastPass customers were alerted after attempts were made to access their password manager with a master password. At the time, a LogMein official said a threat actor likely was trying to access user accounts with email addresses and passwords obtained from third-party data breaches.

- Advertisment -

Most Popular

Hundreds rally in support of Iranian protests and the late Mahsa Amini in Vancouver

A large gathering of rally attendees descended on Vancouver’s Art Gallery on Sunday. Hundreds went to the popular location for protests and public press conferences...

Week 38 in review: Asus ROG Phone 6D announced, Pixel 7 series pre-order date confirmed

Welcome to our recap of the biggest headlines from week 38. The Apple iPhone 14 fever is still here – we saw the regular iPhone...

Content+Cloud appoints Geoff Kneen as new CEO as Peter Sweetbaum joins parent company, the Advania Group

Sweetbaum will support Advania Group’s pan-European growth ambitions as Head of New Markets Content+Cloud today announced that Geoff Kneen will become CEO and that Peter...