Ugh oh. The password management company LastPass informed users today that it has suffered a data breach and security incident. According to the report, this hack led to the theft of proprietary Lastpass source code and other technical information.
While this is certainly bad news and something LastPass even has a blog post about, the password manager claims that customer data and accounts are safe. The report goes on to state that no master passwords or encrypted vault data were not compromised or obtained by these bad actors.
According to CEO Karim Toubba, “We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.”
For those unaware, password managers like LastPass let you securely store all of your passwords, payment info, and essential login details in one highly encrypted database or vault. Then, you access all of those with one master password.
While the company is saying no user data was stolen, it’s certainly not a good sign or look for a company built on trust and security. Not to mention this is technically the second data breach in the last three years.
For now, the company said it is evaluating and upgrading its techniques to strengthen the development environment. This is still a developing story; as of right now, LastPass isn’t even recommending that customers change their master password. We’ll keep an eye out and update you as we learn more.