A few weeks ago, one of the most popular password managers, LastPass, which has around 33 million users, was hacked. The information was published in their blog, and according to the article written by the CEO of LastPass, Karim Toubba, there is no need to worry.
The incident happened because of a compromised developer account. The only leaked data was some proprietary technical information and parts of the source code. According to the official message, no clients’ data was affected. Master Passwords are unavailable due to the LastPass’ Zero Knowledge architecture, and the user’s data was unreachable because the incident happened in the development environment.
According to LastPass, containment and mitigation measures were started as soon as the incident was detected. The company engaged leading cybersecurity and forensics firm and implemented additional security measures. LastPass doesn’t detect any unauthorized activity. The investigation is still ongoing, but customers shouldn’t take any actions to protect their data.
Lastpass stated that they would provide more information once it became available. Also, they are evaluating additional mitigation techniques to protect their environment even more.