In August, LastPass had admitted an “unauthorized party” gained entry into its system. Any news in regards to a password manager getting hacked could be alarming, however the company is currently reassuring its users that their logins along with other information weren’t compromised in the case.
In his latest update concerning the incident, LastPass CEO Karim Toubba said that the business’s investigation with cybersecurity firm Mandiant has revealed that the bad actor had internal usage of its systems for four days. These were in a position to steal a few of the password manager’s source code and technical information, but their access was limited by the service’s development environment that’s not linked to customers’ data and encrypted vaults. Further, Toubba remarked that LastPass does not have any usage of users’ master passwords, which are essential to decrypt their vaults.
The CEO said there is no evidence that incident “involved any usage of customer data or encrypted password vaults.” In addition they found no proof unauthorized access beyond those four days and of any traces that the hacker injected the systems with malicious code. Toubba explained that the bad actor could infiltrate the service’s systems by compromising a developer’s endpoint. The hacker then impersonated the developer “oncethe developerhad successfully authenticated using multi-factor authentication.”
Back 2015, LastPass suffered a security breach that compromised users’ email addresses, authentication hashes, password reminders along with other information. An identical breach will be more devastating today, given that the service supposedly has over 33 million registered customers. While, LastPass isn’t asking users to accomplish anything to help keep their data safe this time around, it certainly is good practice never to reuse passwords also to activate multi-factor authentication.
All products recommended by Engadget are selected by our editorial team, independent of our parent company. A few of our stories include affiliate links. In the event that you buy something through one of these brilliant links, we might earn a joint venture partner commission. All prices are correct during publishing.