Hackers attacks LastPass and steals source code

LastPass, a well-known password manager, disclosed the security problems encountered by the company in the latest blog. It is suspected that hackers invaded the intranet after stealing accounts through phishing. The good news is that there is currently no evidence that hackers have access to the database server where user data is stored, and that user data and encrypted password vaults are still safe.

LastPass said some fragments of its software source code and some proprietary technical documentation were stolen, with minimal potential impact. LastPass users do not need to worry about security issues or transfer data and change passwords at present, but the details still need to wait for the official announcement of a detailed investigation.

LastPass writes: “We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.“

The investigation revealed that only part of the source code and part of some proprietary technical documents were stolen, and all LastPass products and services were in normal operation. In response to the incident, LastPass deployed containment and mitigation measures to improve security while engaging external cybersecurity and forensics experts to help investigate the incident.

According to the existing investigation, the data of all users are not affected, the user’s personal information and encrypted password database have not been leaked, and no password change measures are required.