World’s most popular password manager, LastPass, was hacked
India Today
LastPass, which is considered a safe haven for passwords, was hacked. The company in a blog post detailed that it detected unusual activity in its application two weeks ago.
If you use password managing apps, you have probably heard of LastPass, which is the most sought-after password managing app in the world. However, the application which is considered a safe haven for passwords was hacked. The company in a blog post detailed that it detected unusual activity in its application two weeks ago. LastPass, which has over 33 million users, has launched an investigation.
LastPass in the blog admitted that the hackers gained illegal access to some of its source code. “Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults. We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally. “
The company has revealed that it has containment and mitigation measures and assigned a leading cybersecurity and forensics firm to investigate the matter. LastPass further revealed that it has implemented additional enhanced security measures, and that they do not see any further evidence of unauthorised activity.
Further, Karim Toubba, CEO LastPass elaborated that the users' master password was not comprised in the hack. The company said that it does not store a user’s master password. The password manager can never know or gain access to the users’ Master Password. LastPass also clarified that no personal information of the users was compromised.
“This incident occurred in our development environment. Our investigation has shown no evidence of any unauthorized access to encrypted vault data. Our zero knowledge model ensures that only the customer has access to decrypt vault data,” the company CEO Toubba said.
