Photo by Tada Images/Shutterstock.com
Lastpass systems were breached and the cybercriminals got away with portions of source code, and some proprietary tech information but none of the customer data or encrypted password vaults was accessed.
The company found out that a single compromised developer account allowed the cybercriminals to gain access to portions of Lastpass development environment, which allowed them to steal portions of the source code and proprietary data.
Lastpass confirmed that the breach didn’t affect their products or services and all systems are running as usual and they don’t see “further evidence of unauthorised activity”.
According to the company, no Master Password was compromised, which by extension means all the passwords should be safe.
“After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults,” Lastpass confirmed on Thursday.
In December 2021, Lastpass blamed credential stuffing as dozens of people received email notifications that their master password was compromised and further login attempts were blocked. However, it was also reported that thousands of Lastpass login credentials were found in Redline Stealer malware logs.
“At this time, we don’t recommend any action on behalf of our users or administrators. We have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm,” Lastpass said.