LastPass password manager, which claims to be the no. 1 globally, admits that it had suffered from a data breach, wherein a hacker stole some of its internal files.
However, the password manager still believes that the cyber attackers were unable to access the password of their users.
LONDON, ENGLAND - AUGUST 09: In this photo illustration, the logo for online password manager service "LastPass" is reflected on the internal discs of a hard drive on August 09, 2017 in London, England. With so many aspects of life requiring passwords and login information, password managers are becoming increasingly popular among consumers and businesses.
LastPass Password Manager Data Breach
As per the latest news from Bloomberg, LastPass currently boasts roughly 333 million users in various parts of the globe.
And now, the password manager disclosed to its massive user base that it had figured in a security breach after a hacker broke into its systems using one of the accounts of its developers.
No less than the Chief Executive Officer of LastPass, Karim Toubba, says they "have determined that an unauthorized party gained access to portions of the LastPass development environment."
The LastPass big boss says the breach began with "a single compromised developer account." And from there, the hacker "took portions of source code and some proprietary LastPass technical information."
Two Weeks Since the Security Breach
According to a recent report by Bleeping Computer, the security breach in the systems of the giant password manager apparently occurred two weeks ago.
In fact, the website of all sorts of cybersecurity news further adds that they learned about the breach from their sources a week ago.
After which, Bleeping Computer says it reached out to LastPass for a response but failed to give any comment during that time.
Should You Change Your Passwords?
LastPass users could not help but be worried that their passwords in various accounts have been stolen.
LONDON, ENGLAND - AUGUST 09: In this photo illustration, A woman is silhouetted against a projection of a password log-in dialog box on August 09, 2017 in London, England. With so many areas of modern life requiring identity verification, online security remains a constant concern, especially following the recent spate of global hacks.
It did not help that some reports claim that the hackers had also stolen passwords after getting their hands on the source code and the blueprints.
However, LastPass assured its customers that their passwords were safe from the recent data breach. And as such, it does not recommend its users to change their login credentials as of writing.
The password manager states that its "investigation has shown no evidence of any unauthorized access to customer data in our production environment."
Essentially, it means that LastPass believes that the recent hack did not expose the password of its millions of users.
And what's more, the firm also says that it has already contained the recent cyberattack. It has also taken additional security measures to prevent another similar incident from taking place.
Related Article: LastPass Promises No Data Breach Following Hacking Scare; Caused by Fabricated Breach Alerts?
