LastPass, a password manager with 25 million users, confirms the breach

LastPass developer system got hacked: no passwords taken

LastPass suffers a security breach. Password management company got hacked via a developer's account.

A password management firm got hacked a few weeks ago. Threat actors were possibly able to steal the company's source code and proprietary technical information.[1] This is one of the world's biggest password managers, with 25 million users. The CEO confirmed[2] the security breach, in which an unauthorized party stole portions of the source code and some proprietary LastPass technical information.

In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm

Insiders revealed some details to news sites and stated that employees were scrambling to contain the attack after the breach.[3] The advisory was finally released, confirming that the breach happened via a compromised developer account. According to the company, there is no evidence that customer data or encrypted passwords were compromised. Threat actors did steal portions of the source code and other technical details.

The investigation is ongoing, no further details

The company states that it has reached the containment stage and implemented various enhanced security measures to prevent further attacks and unauthorized activity. However, further details about the security incident were not provided. It remains unclear whether the threat actor that compromised the developer account and stole source code affected any data related to customers and their passwords.

LastPass users, of course, remain concerned that hackers could have gained access to their accounts and passwords. The company continues to stress that its zero-knowledge architecture ensures that master passwords are never stored in its databases. Hence, according to the company, no action is required by users in regard to password vaults and the security of their data.

Last year, however, LastPass suffered a credential stuffing attack that resulted in threat actor access to master passwords.[4] The company confirmed that master passwords were stolen by hackers who also distributed the RedLine password-stealing malware on systems.[5]

Keeping your passwords safe

It is crucial to enable multi-factor authentication on your LastPass accounts to keep threat actors from attacking and accessing them. It is also important to keep your personal data and finances secure. Online security is more important than ever since we do everything on the internet.

This applies to your bank accounts, credit card company sites or financial services, and online store accounts. Either way, it is crucial to keep your passwords secure and protected from common fraud or theft, and even from malicious attackers and malware.

There are many tips for passwords, but the main rules are not changing. Being cautious is a very good tip, because this is where assuming the worst and always taking every precaution can help. Keep your passwords unique to avoid accidental guessing.

Using common passwords with number or word combinations like 123456 or password112233 is not a good option. Good passwords are at least eight characters long, because a password is more difficult to guess when it is longer and unique to a particular user. Using password manager services is optional and good for the user, but do not forget about multi-factor authentication too.

About the author
Gabriel E. Hall - Passionate web researcher

Gabriel E. Hall is a passionate malware researcher who has been working for 2-spyware for almost a decade.
