LastPass Finds Itself The Latest Hacking Victim As Cyberattacks Continue To Increase

As technology evolves and more and more things take place online, cyberattacks become more frequent.

Moreover, no company is immune to attack, evidenced by Entrust’s breach earlier in the year.

One of the latest victims is LastPass, which stands as one of the largest password managers in the world with 25 million users.

LastPass CEO Karim Toubba announced the breach of security on August 25th, saying that the company detected unusual activity two weeks prior.

The activity took place in the LastPass development environment, where the intruder gained access through a single compromised developer account.

Threat Actors Stoled Technical Information And Source Code 

When it comes to cybersecurity, humans are often the greatest risk. It is to the point that companies are dedicated to limiting human cybersecurity risk through training and raising security awareness.

But what did the unauthorized party steal? According to Toubba, the intruder stole portions of source code and some proprietary LastPass technical information.

The immediate investigation did not reveal any evidence that customer data or encrypted password vaults were accessed.

LastPass also emphasized that the “zero knowledge” architecture employed prevents anyone from accessing a customer’s master password.

The passwords are so secure because they are never stored, meaning even LastPass doesn’t have access to them.

Not only does that ensure the passwords are secure, but users do not have to take action because of the breach.

Of course, that has not always been the case. LastPass has encountered a breach before.

Threat Actors Gained Access without Obstruction

Back in 2015, hackers accessed the company’s network. After the attack, users were asked to change their master passwords when they logged in, alluding to a potential leak.