LastPass has announced that one of their developer accounts has been breached and used to gain access to proprietary data. However, the organisation claim that their 25 million users and 80,000 customer passwords are still safe.
LastPass is a password manager that stores encrypted passwords online for free. The standard version includes a web interface, browser plugins, a mobile application and bookmarklet support.
Following the attack, LastPass CEO Karim Toubba announced:
“We have determined that an unauthorised party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally".
Touba added that after initiating an immediate investigation, there was no evidence that the incident involved any access to customer data or encrypted password vaults.
A data breach is a matter of immense concern for many LastPass customers as they trust LastPass to keep their passwords and subsequent data secure.
However, the company maintains their stance that customers will experience no impact. If passwords had been breached as a result of this attack, the breach would be significant for many users including acclaimed businesses and users with poor password maintenance.
Additionally, LastPass assures that the master password used for all users’ connected devices is unaffected. The company maintains that all passwords are secure and that only the customer can decrypt any vault data.
Reporting
Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).