Popular password manager LastPass fell victim to a cyberattack. Hackers managed to steal technical information.
LastPass, one of the largest and most popular password managers, fell victim to a cyberattack about two weeks ago. An “unauthorized party” penetrated the dev environment by compromising a LastPass developer account.
After discovering the breach, the company immediately took measures to minimize damage and stop the attack. The attack is under control at this time and additional security measures were taken.
No measures for users
The hackers reportedly stole source code and other technical data from LastPass. User passwords and “master passwords” were unaffected. Therefore, customers don’t have to reset credentials or take other security measures for the time being.
LastPass published the incident’s details on its website. The password manager set up a FAQ to answer user questions. LastPass promised to shortly provide further updates on the incident’s handling.
Experts praise LastPass for disclosing the cyberattack in two weeks’ time. Tech companies typically wait much longer to disclose incidents.
Tip: Hackers attempt to crack LastPass accounts with credential stuffing