Two weeks ago, LastPass detected a beach in their security systems. And now, the company has acknowledged a hack by an unauthorized third party via a single compromised developer account. The hacker took portions of the source code and proprietary LastPass technical information.
However, after immediately initiating an investigation, the company discovered no evidence that this incident involved any access to customer data or encrypted password vaults. “Our products and services are operating normally,” says the company
LastPass is a password manager that stores encrypted passwords online for free. LastPass’s standard version includes a web interface, browser plugins, and a mobile app. It also includes bookmarklet support.
Even though the company is solely concerned with protecting its users’ passwords, it itself has experienced a security breach. However, the company is reassuring its customers via a public notice that there’s been no harm to the customer data or encrypted password vaults.
Getting breached is a matter of immense concern for many users as LastPass is trusted by many to keep their passwords safe. However, the company says it is constantly monitoring the problem and taking appropriate measures.
As per the notice, LastPass has implemented a few containment and mitigation measures in response to the incident. In addition, a leading cybersecurity and forensics firm has been retained to handle the situation.
According to the company, they achieved a “state of containment” during the investigation, implemented additional “enhanced security measures,” and found no additional signs of unauthorized activity.
The breach is quite sensitive for multiple users because businesses also use LastPass, and their employees most likely have a Master Password to log in to their accounts. LastPass, on the other hand, claims that the Master Password’s integrity is unaffected because they never store it. The company emphasizes that all passwords are secure and that only the customer can decrypt all vault data.
What can you do?
Although the company is not recommending any action at the moment, we advise you use strong and difficult passwords for apps and portals. It should include upper case and lower case letters, numbers, and special characters if the portal allows for it. You can also use random and memorable phrases which are not easy to guess. What are your thoughts on this? Comment down below.