One of the world's most prominent password managers with 25 million users, LastPass, has confirmed that it has been hacked. In an advisory published on August 25, Karim Toubba, the LastPass CEO, said that an unauthorized party had stolen “portions of source code and some proprietary LastPass technical information.”
What was accessed during the LastPass network breach?
The breach appears to have been on the development servers, facilitated by a compromise of a LastPass developer account and took place two weeks ago. Incident responders have contained the breach, and LastPass says there is no evidence of further malicious activity. Toubba also confirmed that neither has evidence been found of any customer data or encrypted password vaults being accessed.
Has your LastPass master password or password vault been compromised?
LastPass users will be concerned that a hacker could have gotten hold of their online kingdom's keys: their passwords. However, LastPass has made it clear that courtesy of the ‘zero knowledge' architecture implemented, master passwords are never stored. “LastPass can never know or gain access to our customers' master password,” Toubba said, “this incident did not compromise your master password,” LastPass says that users regarding their password vaults require no action.
Not their first rodeo
While LastPass should be congratulated for the transparency being displayed in response to this incident, it isn't the first time users of the password manager have had to deal with news of a breach. In June 2015, the company confirmed that hackers had accessed the network. Then, unlike now, users were prompted to change master passwords when logging in.
Concerns over what LastPass technical information was stolen
It's good news that customer data was not compromised in this latest incident, but the fact that the intruder accessed source code and ‘proprietary technical information' is worrying. Especially as there are no further details regarding exactly what has been stolen.
It is a breaking and, therefore, still developing story. I will update this article as more information becomes known.
Shanique Taylor is an expert writer with over 150 publications on several blogs and websites before she joined our team at DailyTechFeed. Shanique specializes in Lifestyle, Health, and News articles. Shanique Taylor is also a web expert and keeps us running.