LastPass Issues Notice of Security Incident
Posted by: Jon Ben-Mayor on 08/25/2022 06:06 PM
[
Comments
]
First Plex and now LastPass - one of the more popular password managers on the market has suffered a security incident.
LastPass CEO Karim Toubba issued a brief statement on the LastPass blog; Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved access to customer data or encrypted password vaults.
We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.
In response to the incident, we have deployed containment and mitigation measures and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.
Based on what we have learned and implemented, we are evaluating further mitigation techniques to strengthen our environment. We have included a brief FAQ below of what we anticipate will be the most pressing initial questions and concerns from you. We will continue to update you with the transparency you deserve.
LastPass goes on to say that NO Master Passwords were compromised, no data within vaults was compromised, and no personal information was compromised. At this time, LastPass does not recommend any action be taken. But you can change your password if that makes you feel better, as this incident is still being investigated.
LastPass CEO Karim Toubba issued a brief statement on the LastPass blog; Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved access to customer data or encrypted password vaults. We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.
In response to the incident, we have deployed containment and mitigation measures and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.
Based on what we have learned and implemented, we are evaluating further mitigation techniques to strengthen our environment. We have included a brief FAQ below of what we anticipate will be the most pressing initial questions and concerns from you. We will continue to update you with the transparency you deserve.
LastPass goes on to say that NO Master Passwords were compromised, no data within vaults was compromised, and no personal information was compromised. At this time, LastPass does not recommend any action be taken. But you can change your password if that makes you feel better, as this incident is still being investigated.
Comments
