Continue reading this on our app for a better experience

Open in App
Floating Button

World’s most popular password manager says it was hacked

Bloomberg
Bloomberg • 2 min read
World’s most popular password manager says it was hacked
However, LastPass doesn’t believe any passwords were taken and users shouldn’t have to take action to secure their accounts. Photo: Bloomberg
Font Resizer
Share to Whatsapp
Share to Facebook
Share to LinkedIn
Scroll to top
Follow us on Facebook and join our Telegram channel for the latest updates.

LastPass, a password manager used by more than 33 million people around the world, said a hacker recently stole source code and proprietary information after breaking into its systems.

The company doesn’t believe any passwords were taken as part of the breach and users shouldn’t have to take action to secure their accounts, according to a blog post on Thursday.

An investigation determined that an “unauthorised party” cracked into its developer environment, which is the software that employees use to build and maintain LastPass’s product. The perpetrators were able to gain access through a single compromised developer’s account, the company said.

The attack struck a company that generates and stores hard-to-crack, auto-generated passwords for multiple accounts, like Netflix or Gmail, on behalf of its users -- without the need to manually enter credentials. LastPass lists Patagonia, Yelp Inc. and State Farm as customers on its website.

Cybersecurity website Bleeping Computer reported that it had asked LastPass about the breach two weeks ago.

See also: Tesla Cybertruck to go on tour in China to burnish tech cred

Allan Liska, an analyst on the Computer Security Incident Response Team at cybersecurity company Recorded Future, said he was impressed with the “speedy notification” from LastPass.

“While two weeks might seem like a long time to some, it can take a while for incident response teams to fully assess and report on a situation,” he said. “it will take time to fully determine the extent of any damage that may have been as result of the breach. However, for now it appears to not be client-impacting.”

LastPass didn’t immediately respond to a request for further comment.

See also: Samsung races Apple to develop blood sugar monitor that doesn't break skin

There was speculation on social media that hackers may be able to access the keys to password vaults after stealing source code and proprietary information.

“It is unlikely that the stolen source code will give the criminals access to customer passwords,” Liska said.

Highlights

Re test Testing QA Spotlight
1000th issue

Re test Testing QA Spotlight

Get the latest news updates in your mailbox
Never miss out on important financial news and get daily updates today
×
The Edge Singapore
Download The Edge Singapore App
Google playApple store play
Keep updated
Follow our social media
© 2024 The Edge Publishing Pte Ltd. All rights reserved.