Joe Hindy / Android Authority
TL;DR
- Password manager LastPass has revealed that it suffered a security breach.
- Source code and technical information were stolen as a result.
- LastPass said that user details weren’t accessed.
It seems like major service providers aren’t having a good time when it comes to security incidents this week. Plex recently announced a security breach and called on users to change their passwords. Now, popular password manager LastPass has revealed that it’s suffered a breach too.
LastPass CEO Karim Toubba penned a blog post on the company website, confirming that it detected “unusual activity” in the service’s development environment.
It turns out that a malicious actor made off with key information:
We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.
“After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults,” the company added.
Related: How secure are password managers? Should you be using one?
LastPass also answered a few pertinent questions in a FAQ section on the post, explaining that user vault data, personal information, and master passwords weren’t compromised.
The company also said that it doesn’t recommend users take any specific action right now, such as resetting master passwords. Nevertheless, LastPass users should be using multi-factor authentication anyway for maximum security and peace of mind. And we wouldn’t blame you at all if you decided to reset your master password.
