Many people around the globe use password managers to secure their credentials in a single place. One of the most popular tools in this area is the freemium application LastPass. Today, the company has informed customers that its development environment was breached in a cybersecurity incident.
In a blog post, CEO Karim Toubba has stated that signs of unusual activity in its development environment were detected two weeks ago. Following this, the company immediately went into containment mode, deployed mitigation measures, partnered with a cybersecurity company, and began a detailed investigation.
Although this investigation is ongoing, Toubba says that no signs of access to user data or encrypted password vaults have been detected at this time. Only snippets of the LastPass' source code and proprietary technical documentation has been stolen.
LastPass is yet to reveal the details about this breach occurred in the first place, but for now, it has stated that an "unauthorized party" managed to gain access to portions of its development environments by compromising a single developer account.
The firm has emphasized that no customer data, Master Passwords, or user vaults have been breached because developer accounts don't have access to this information either. As such, it has recommended no user or administrative action at this point but says that it will continue providing updates as more details emerge.
For those keeping count, this is the second high-profile cybersecurity incident we have covered this week. Plex recently confirmed that its database has been breached too, with emails, usernames, and encrypted passwords being stolen.
42 Comments - Add comment