LastPass password manager victim of a cyberattack

The star of password managers, the LastPass service was the victim of an intrusion into its computer system. According to an email sent on August 25, 2022 to users of the software, a malicious hacker managed to break into the company’s machines and steal part of the firm’s source code and technical information.

No worries about data

The intrusion allegedly took place in early August through a compromised developer account. According to the company, there is no evidence that the hacker gained access to customer data and the password vault. “This incident occurred in our development environment [et] did not compromise your master password”tempers LastPass. A priori therefore, no fear to have for its stored identifiers, the company having “contained the issue, implemented additional security measures”and would not have “not witnessed any other attempts of unauthorized activity”.

The analysis of the incident is still in progress, but for the moment, the company does not advise to change its password. On the other hand, it very opportunely recommends taking advantage of this incident to strengthen account security by activating double authentication in particular. Those who wish to know more about the subject can turn to the tutorial offered by the firm.

The ransom of success

According to sources interviewed by the site Bleeping Computeremployees would have “painfully tried to contain the attack after it was detected”. The motivations behind this intrusion are not detailed by LastPass, but it is easy to imagine a hacker trying to break into the systems of software used by more than 33 million Internet users and 100,000 companies worldwide. .

This isn’t the first time LastPass has come under attack. In December 2021, the password manager was experiencing hacker login attempts on the accounts of many users. In 2019, the company also fixed an identified flaw in its Chrome extension.