LastPass Hacked: Password Manager With 25 Million Users Confirms Breach

Cybersecurity LastPass Hacked: Password Manager With 25 Million Users Confirms Breach Davey Winder Senior Contributor Opinions expressed by Forbes Contributors are their own. Co-founder, Straight Talking Cyber New! Follow this author to stay notified about their latest stories. Got it! Aug 25, 2022, 11:08pm EDT | New! Click on the conversation bubble to join the conversation Got it! Share to Facebook Share to Twitter Share to Linkedin LastPass has confirmed hackers stole partial source code SOPA Images/LightRocket via Getty Images One of the world’s biggest password managers with 25 million users, LastPass, has confirmed that it has been hacked .

In an advisory published on August 25, Karim Toubba, the LastPass CEO, said that an unauthorized party had stolen “portions of source code and some proprietary LastPass technical information. ” What was accessed during the LastPass network breach? The breach appears to have been of the development servers, facilitated by a compromise of a LastPass developer account and took place two weeks ago. Incident responders have contained the breach, and LastPass says there is no evidence of further malicious activity.

Toubba also confirmed that neither has evidence been found of any customer data or encrypted password vaults being accessed. MORE FROM FORBES Google Confirms New Attack Can Read All Gmail Messages: Iran Accounts Targeted By Davey Winder Has your LastPass master password or password vault been compromised? LastPass users will, of course, be concerned that a hacker could have got hold of the keys to their online kingdom: their passwords. However, LastPass has made it clear that, courtesy of the ‘zero knowledge’ architecture implemented, master passwords are never stored.

“LastPass can never know or gain access to our customers’ master password,” Toubba said, “this incident did not compromise your master password. ” As such, LastPass says that no action is required by users in regard to their password vaults. LastPass tweeted confirmation of hacking incident Davey Winder What do you think? One Community, Many Voices.

Be the first to comment comments posted on Forbes. Add your voice now. Join the Conversation Not their first rodeo While LastPass should be congratulated for the transparency being displayed in response to this incident, it isn’t the first time that users of the password manager have had to deal with news of a breach.

In June 2015, the company confirmed that hackers had accessed the network . Then, unlike now, users were prompted to change master passwords when logging in. MORE FROM FORBES New Gmail Attack Bypasses Passwords And 2FA To Read All Email By Davey Winder Concerns over what LastPass technical information was stolen It’s good news that customer data was not compromised in this latest incident, but the fact that the intruder accessed source code and ‘proprietary technical information’ is worrying.

Especially as there are no further details regarding exactly what has been stolen. This is a breaking and, therefore, still developing story. I will update this article as more information becomes known.

Follow me on Twitter or LinkedIn . Check out my website or some of my other work here . Davey Winder Editorial Standards Print Reprints & Permissions.