The LastPass password manager editor has been hacked again. However, the company wants to reassure its users: their identifiers and passwords do not seem to have been compromised.
Using a password manager is a good way to protect your personal accounts and information – and to remember them. But due to the sensitive data they contain, these tools are often targeted by hacking attempts. In early August, the LastPass password manager editor detected traces “unauthorized activities,” as he announces in a press release. Recall that password managers allow you to store all your passwords, payment information and essential login information in a highly encrypted database or safe. The user can access all of these with a single master password. Suffice to say that LastPass contains data of great value to hackers…
We recently detected unusual activity within portions of the LastPass development environment and have initiated an investigation and deployed containment measures. We have no evidence that this involved any access to customer data. More info: https://t.co/cV8atRsv6d pic.twitter.com/HtPLvK0uEC
—LastPass (@LastPass) August 25, 2022
LastPass: everything under control
The intrusion occurred following the compromise of a developer account and allowed a hacker to gain access to the development environment. The latter managed to steal portions of source code and proprietary technical information from the firm, which nevertheless wants to be reassuring. “Our products and services are operating normally,” she declares. A priori, user IDs and passwords do not appear to have been compromised. LastPass explains having “contained the issue, implemented additional security measures”and not have “witnessed other attempts at unauthorized activity”.
The investigation is still ongoing and he has, as a precaution, called in a cybersecurity and forensic company. He adds that “we never store or know your master password.” The company therefore does not recommend any particular action on the part of users and administrators. However, she reminds that it is better, cyberattack or not, to strengthen the security of your account by activating double authentication – also called multi-factor authentication. To do this, just follow the firm’s tutorial.