LastPass, a freemium password manager, confirmed that they detected unusual activity on their service this August.
The company’s CEO, Karim Toubba, issued a notice through a blog post on LastPass’s official community website. According to the notice, an unauthorized party accessed LastPass’s portions of the development environment through one compromised developer account.
In addition, the blog post mentioned that the attacker stole portions of source code and a few proprietary technical information of the company, adding that customers’ data and encrypted passwords were not breached.
The company claims to have implemented containment and mitigation measures and has outsourced prominent cybersecurity and forensic firm, while its security investigation is still underway.
Meanwhile, its products and services are fully operational, and it has adopted fortified security measures and is examining other mitigation approaches to reinforce the cybersecurity environment.
Finally, LastPass informed its customers that no master passwords have been breached, and claimed that it never stores or knows about its users’ master passwords. Noting here that the company uses an industry-standard Zero Knowledge design to ensure that the password manager never knows or has access to its clients’ master password.
