World’s largest password manager said it was hacked: are your passwords safe?

LastPass assured its users not to worry about their account’s security and said the passwords are safe.

Highlights
  • LastPass’s user base includes more than 33 million people across the globe.
  • The company revealed about a hacker breaking into its system and stealing its source code and proprietary information.
  • LastPass however doesn’t believe any passwords were stolen or accessed by the hacker via the breach.

LastPass, a freemium password manager with a user base of more than 33 million people across the globe, stores user passwords in encrypted format. It recently revealed, via a blog post that a hacker broke into the system and stole its source code and proprietary information.

Show Full Article

The company explained that an “unauthorized party” broke into its developer environment, which is the software used to build and maintain LastPass’s product by its employees. It further confirmed that the hackers gained access to its system via a single compromised developer’s account

However, the company refused to believe that any passwords were accessed or stolen by the hacker via this breach.

An analyst on the Computer Security Incident Response Team at cybersecurity company Recorded Future, Allan Liska said that the “speedy notification” from LastPass impressed him. He added that two weeks may seem like a time long enough to revert but he affirmed that incidents like these can take a while for the concerned company’s response team to fully analyse and furnish a report on the situation. “It will take time to fully determine the extent of any damage that may have been as a result of the breach. However, for now, it appears to not be client-impacting.”
There are speculations all over the internet that hackers might as well get access to the user passwords via the stolen source code and proprietary information. Liska claimed that it is unlikely that the stolen source code and proprietary information will give the hackers access to user passwords.
LastPass however has not given any further comments on the same.