LastPass, the market leader in password management software, became a cyberattack victim after hackers took critical files and internal source code via a compromised employee account. The company claimed no password vaults or customer information was compromised. According to reports, the theft occurred at a more linear level, beginning with the source code and private information.
The password management company asserted that all standard processes were working correctly and received zero damage post the breach. It also assured customers that the cyberattack didn’t reach their customers’ and clients’ password vaults.
With over 25 million users and 80,000 commercial clients, the company appears to continue functioning on its regular schedule and will mitigate the incident to upscale its security and protection.
LastPass breached by hackers
We recently detected unusual activity within portions of the LastPass development environment and have initiated an investigation and deployed containment measures. We have no evidence that this involved any access to customer data. More info: https://t.co/cV8atRsv6d pic.twitter.com/HtPLvK0uEC
— LastPass (@LastPass) August 25, 2022
In a blog post published on August 25, 2022, LastPass CEO Karim Toubba disclosed that the company had discovered some unusual activities within the development department. After looking into the incident, the team found no proof that the unknown hacker had accessed any company-stored encrypted password vaults or customer data.
The company’s CEO also discussed how a single compromised developer account allowed an unauthorized individual to view the LastPass source code. As a result, the TA took a piece of the source code and some confidential LastPass technical data.
LastPass’s response to the attack
The company added that it would employ top cybersecurity experts and forensics firms to implement containment and mitigation techniques in response to the attack and prevent more incidents like this from happening in the future.
Toubba said, “While our investigation is ongoing, we have managed to control the situation, added more advanced security measures, and don’t currently have any new indications of unauthorized activity.”
Based on what the company discovered during and after the incident, LastPass will consider more mitigation strategies to improve the corporation’s infrastructure and environment. The post also shared a list of the most frequently asked questions that users might have after the breach.