Hacker Steals Source Code, Proprietary Data From LastPass

Security Experts Continue to Recommend Password Managers as Security Best Practice

A threat actor gained unauthorized access to the source code and proprietary technical information of password manager LastPass, the company told its customers on Thursday.

The unauthorized user compromised a single developer account to steal portions of the LastPass development environment, the company says. There is "no evidence" the attacker gained access to customer data or encrypted password vaults, LastPass spokesperson Nikolett Bacso-Albaum tells Information Security Media Group. The incident occurred two weeks ago.

The company says its zero-knowledge model ensures that only customers can access decrypted password vault data. LastPass products and services were not disrupted by the incident, Bacso-Albaum adds.

LastPass says it has contained the impact from the incident, implemented additional security measures, and hired a security and forensics firm to conduct the investigation.

"We are evaluating further mitigation techniques to strengthen our environment," says Karim Toubba, CEO of LastPass.

This isn't the first time LastPass has been a target for hackers. A 2015 incident saw attackers make off with usernames and hashed master passwords (see: LastPass Sounds Breach Alert). Users with strong master passwords used for unlocking access to the password vault had little cause for concern - even less so if they activated multifactor authentication.

Strong security practices by the password manager industry have security experts continuing to recommend password managers as a best practice. A recent study found password strength increases significantly when users use an application to manage passwords. The 2019 study, led by human-centered security researcher Karen Renaud, found only about 10 percent of a surveyed student population used password managers.

A late 2021 online survey by Security.org found the adoption rate to be 20 percent, the same percentage of the population that admitted to reusing the same handful of passwords for online account access.


About the Author

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.



