Skip to main content

Hackers stole LastPass source code in data breach incident

Today, LastPass confirmed a data breach in a blog post describing the incident to its customers that rely on the company’s products for online security. The company emphasized that customer data was not stolen in the breach, however, and that users do not have to do anything to secure their data.

In a post written by CEO Karim Toubba, LastPass stated the following:

“Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.”

The breach occurred through a compromised developer’s account, and the unauthorized party made off with portions of the company’s source code and proprietary LastPass technical information.

We recently detected unusual activity within portions of the LastPass development environment and have initiated an investigation and deployed containment measures. We have no evidence that this involved any access to customer data. More info:

— LastPass (@LastPass) August 25, 2022

Toubba emphasized that user information was safe and that the unauthorized party did not compromise any passwords or access user vaults.

While it’s comforting to know that no data was stolen at this time, the stolen source code and proprietary information could be a significant issue and contribute to later breach attempts. LastPass seems to be aware of this possibility, as Toubba adds later that the company has hired a “leading cybersecurity and forensics firm.”

This is the second data issue LastPass has experienced in the last year. In December, some LastPass users were subjected to a “credential stuffing attack” by hackers attempting to access personal vaults. According to the company, no one’s accounts were compromised in the attack.

LastPass says it will update customers as the company learns more about what happened.

The breach a few weeks ago occurred in the development environment, so no consumer’s passwords were at risk. User passwords are hidden in encrypted vaults that can only be accessed by the user’s master password. LastPass is largely considered one of the best password managers around.

Caleb Clark
Former Digital Trends Contributor
Caleb Clark is a full-time writer that primarily covers consumer tech and gaming. He also writes frequently on Medium about…
Is LastPass safe? Here’s what we know about its security history
LastPass website on a laptop.

LastPass has been in the news quite a bit over the past decade. Following some data breaches and security incidents, you may be wondering if it’s now safe to use the well-known password manager -- whether you’re a previous, current, or potential LastPass user.

Let’s take a look at LastPass’ current features and security measures along with the previous incidents.
What is LastPass?

Read more
What is a password manager?
Username and password on a tablet screen.

How many passwords do you have? Is it 20 or more like 200? Let’s be honest, if you have more than a dozen passwords then you probably can’t remember them all, and luckily, you don’t have to.

You can make life a little easier by learning what a password manager is and what it can do for you. We’ll explain how a password manager works, what it does, and whether it’s safe to use.
What is a password manager?
With the number of passwords we all have to handle these days, a password manager eases the burden. It’s more secure than a pen and paper, more reliable than your memory, and a good way to organize your passwords for quick access.

Read more
Hackers targeted 1Password after Okta breach, but your logins are safe
A dark mystery hand typing on a laptop computer at night.

Security credentials like usernames and passwords are a tempting target for hackers, and even the best password managers can come under threat from time to time. That was the case recently with the popular password manager 1Password, which recently disclosed (via Bleeping Computer) that its Okta support system was breached by malicious hackers.

Fortunately, it doesn’t appear that any customer data was stolen, so if you use 1Password, your login info should be safe for now. However, it’s always good to regularly update your passwords (or use passkeys) just in case they fall into the wrong hands.

Read more