LastPass hacked, source code stolen

Content of the article

LastPass, a leading password management provider, admitted that some of its source code was recently stolen after one of its developer accounts was hacked.

Advertisement 2

Content of the article

Some confidential information was also stolen, the company said Thursday. “After launching an immediate investigation, we have seen no evidence that this incident involved access to customer data or encrypted password vaults,” he added.

Content of the article

News service Bleeping Computer said the statement was made after the company was asked for comment on Sunday, when insiders briefed it.

“Two weeks ago, we detected unusual activity in certain parts of the LastPass development environment,” the Boston-based company said in its statement.

“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of the source code and certain proprietary technical information from LastPass. Our Products and Services operate normally.

Advertisement 3

Content of the article

“In response to the incident, we deployed containment and mitigation measures and engaged a leading cybersecurity and forensics company. While our investigation is ongoing, we have reached a state of containment, implemented additional heightened security measures, and see no further evidence of unauthorized activity. “

He did not explain how the staff member’s account was compromised.

In an FAQ accompanying Thursday’s statement, the company said the incident did not compromise customers’ master passwords or their data vaults. Currently, LastPass said, neither users nor administrators need to take any steps to secure their accounts.

The company claims to have 100,000 business customers, as well as individual users. Combined, it has 33 million registered users, “the vast majority” of which are represented by corporate clients.

Advertisement 4

Content of the article

LastPass is being spun off from its parent company, GoTo (formerly LogMein). In April, LastPass named Karim Toubba as its new CEO. In May, it added a director of secure technology.

This is the second major cyber incident to affect LastPass in the past eight months. In December, Bleeping Computer reported that some LastPass customers were alerted after attempting to access their password manager with a master password. At the time, a LogMein official said a malicious actor was likely trying to gain access to user accounts with email addresses and passwords obtained from third-party data breaches.

The post LastPass hacked, source code stolen first appeared on IT World Canada.

This section is powered by IT World Canada. ITWC spans the enterprise IT spectrum, providing news and information for IT professionals looking to succeed in the Canadian market.

Advertisement 1

comments

Postmedia is committed to maintaining a lively yet civil discussion forum and encourages all readers to share their views on our articles. Comments can take up to an hour to be moderated before appearing on the site. We ask that you keep your comments relevant and respectful. We have enabled email notifications. You will now receive an email if you receive a reply to your comment, if there is an update to a comment thread you follow, or if a user follows you comments. See our Community Guidelines for more information and details on how to adjust your email settings.

#LastPass #hacked #source #code #stolen

Leave a Comment