September 03, 2022

LastPass hacked: password manager with 25 million users confirms breach

One of the world’s largest password managers with 25 million users, LastPass, has confirmed that it has been hacked. In an advisory published on August 25, Karim Toubba, LastPass’ CEO, said that an unauthorized party had stolen “parts of LastPass’ source code and some proprietary Technical Information.”

What was accessed during the LastPass network breach?

The breach appears to have come from the development servers, was enabled by the compromise of a LastPass developer account, and took place two weeks ago. Incident responders have contained the breach, and LastPass says there is no evidence of further malicious activity. Toubba also confirmed that no evidence was found of customer data or encrypted password vaults being accessed.

Has your LastPass master password or password vault been compromised?

LastPass users will naturally worry that a hacker may have gotten their hands on the keys to their online kingdom: their passwords. However, LastPass has made it clear that, thanks to its “zero knowledge” architecture, master passwords are never stored. “LastPass can never know or access our customers’ master password,” said Toubba, “this incident did not compromise your master password.” As such, LastPass says no action is required by users regarding their password vaults.

Not their first rodeo

While LastPass should be congratulated for the transparency displayed in response to this incident, this is not the first time users of the password manager have had to deal with news of a breach. In June 2015, the company confirmed that hackers had gained access to the network. Then, unlike now, users were asked to change master passwords at login.

Concerns about what technical information was stolen from LastPass

It’s good news that customer data was not compromised in this latest incident, but the fact that the intruder had access to source code and “proprietary technical information” is concerning, especially since there are no further details on what exactly was stolen.

Source: Forbes