LastPass, the password manager used by millions across the world, says it has been hacked

LastPass, a password manager used by more than 33 million people around the world, said a hacker recently stole its source code and proprietary information after breaking into its systems.

The company does not believe any passwords were taken as part of the hack nor should users take action to secure their accounts, according to a blog Thursday.

An investigation found that an “unauthorized party” had breached its developer environment, the software that employees use to build and maintain the LastPass product. The company said the perpetrators gained access through a single hacked developer account.

We recently discovered unusual activity within parts of the LastPass development environment, launched an investigation, and deployed containment measures. We have no evidence that this involves any access to customer data. More information: https://t.co/cV8atRsv6dpic.twitter.com/HtPLvK0uEC

– LastPass (LastPass) August 25 2022

The attack hit a company that creates and stores hard-to-crack passwords that are automatically generated for multiple accounts, such as Netflix or Gmail, on behalf of their users — without having to enter credentials manually. LastPass lists Patagonia and Yelp Inc. and State Farm as customers on their website.

Cybersecurity website Bleeping Computer reports that it asked LastPass about the hack two weeks ago.

Alan Liska, an analyst in the computer security incident response team at cybersecurity firm Recorded Future, said he was impressed with LastPass’s “quick notification.”

“While two weeks may seem like a long time to some, it may take some time for incident response teams to fully assess and report on the situation,” he said. “It will take time to determine the extent of any damage that may have been the result of the breach. However, at the moment it does not appear to affect the customer.”

LastPass did not immediately respond to a request for further comment.

There has been speculation on social media that hackers may be able to gain access to the keys to password vaults after stealing source code and proprietary information.

“Stolen source code is unlikely to give criminals access to customer passwords,” Liska said.

(Except for the headline, this story has not been edited by the NDTV crew and is published from a syndicated feed.)