LastPass, The World’s Most Popular Password Manager, Says It Was Hacked
According to LastPass, a password manager used by over 33 million people worldwide, a hacker recently stole source code and proprietary information after breaking into its systems.
According to a blog post published on Thursday, the company believes no passwords were taken as part of the breach, and users should not be required to take any action to secure their accounts.
An investigation determined that an “unauthorized party” cracked into its developer environment, which is the software that employees use to build and maintain LastPass’s product. The perpetrators were able to gain access through a single compromised developer’s account, the company said.
The attack struck a company that generates and stores hard-to-crack, auto-generated passwords for multiple accounts, like Netflix or Gmail, on behalf of its users — without the need to manually enter credentials. LastPass lists Patagonia, Yelp Inc., and State Farm as customers on its website.
Cybersecurity website Bleeping Computer reported that it had asked LastPass about the breach two weeks ago.
Allan Liska, an analyst on the Computer Security Incident Response Team at cybersecurity firm Recorded Future, was impressed with LastPass’s “quick notification.”
“While two weeks may seem like a long time to come, incident response teams can take a while to fully assess and report on a situation,” he explained.
“It will take time to fully determine the extent of any damage caused by the breach. “However, it does not appear to be having an effect on clients for the time being.”
LastPass did not respond immediately to a request for additional comment.
After stealing source code and proprietary information, hackers may be able to access the keys to password vaults, according to social media speculation.
“It is unlikely that the stolen source code will give the criminals access to customer passwords,” Liska said.
Source:- Indian Express