LastPass, one of the popular password managers — used by more than 33 million people worldwide — said hackers recently stole source code and sensitive information after hacking into its systems.
The CEO of LastPass, Karim Toubba, has confirmed the news in a statement sent to its users. According to this, the attackers penetrated internal systems through a compromised account of one of the developers “and took portions of source code and some proprietary LastPass technical information.”
The good part is that it says that, after conducting an investigation, the company emphasizes that there is no evidence of theft of encrypted passwords or any other information of users of the password manager.
According to the official announcement, “In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.”
As for users and administrators, LastPass recommends not doing anything beyond following the best practices since always. But since no user information or passwords have been stolen, they indicate that no extra step is necessary.