LastPass source code copied by hacker – Security

Noted password management company LastPass has come under attack again, but assured customers that their accounts will remain secure.

CEO Karim Toubba posted on the company blog that LastPass had determined that an unauthorized party had gained access through a single compromised developer account.

The attacker was able to take “parts of the source and some proprietary technical information from LastPass,” Toubba said.

“In response to the incident, we implemented containment and mitigation measures, and engaged a leading cybersecurity and forensics firm.

While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity,” added Toubba.

LastPass CEO said that users’ master passwords were not compromised, as LastPass operates an industry-standard zero-knowledge architecture, which means the company does not store credentials on its servers.

Users’ vaults and personal information have also not been accessed, LastPass said.

LastPass is an attractive target and has been compromised several times in its life, including a 2011 incident in which some users’ email addresses and their salted password hashes were transferred from a company database. business.

In 2015, LastPass suffered a data breach again, resulting in user account data being compromised.

Be the first to comment

Leave a Reply

Your email address will not be published.