News

LastPass suffers a security breach: part of its code is stolen

LastPasscompany that created the password management program of the same name, has suffered a security breach two weeks ago. The attackers managed to sneak into your network and keep part of the application’s source code. Of course, from the company they have ensured that none of the passwords stored by users of the application have been exposed. Nor to the master passwords that give access to the containers with the rest of the service passwords of each LastPass user.

Hackers managed to break the security of a developer’s account, which they used to steal “source code and certain technical information proprietary to LastPass«. The company has stressed in a statement detailing the breach and its effects that it does not have «evidence that this incident involved any type of access to customer data or encrypted password containers«. That is why they do not recommend taking any security measures for users, apart from the good practices that they usually use.

Karim Toubba, CEO of LastPass, has detailed that a couple of weeks ago they detected some unusual activity in the LastPass development environment. They immediately launched an investigation, and concluded that an unauthorized third party gained access to various areas of the LastPass development environment through the developer account, which, as mentioned, they identified as compromised. Through it they subtracted the aforementioned components.

The company has also ensured that its products and services are operating normally, and in response to the incident they have deployed various containment and mitigation measures. They have also hired the services of a cybersecurity and forensic analysis company to further the investigation. While it is being done, they have implemented additional security and containment measures. They also ensure that no further evidence of unauthorized activity has been recorded.

For now there is no more information, and from LastPass they assure that when they have more data on how the attack has occurred and its effects they will communicate it to their users. Furthermore, they areevaluating the implementation of more mitigation techniques» to reinforce your environment.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *