Cybercriminals have stolen source code from the freemium password manager LastPass.

LastPass is a freemium password manager that stores encrypted passwords online. The standard version of LastPass comes with a web interface, but also includes plugins for various web browsers and apps for many smartphones.

In a letter to all LastPass customers, the company wrote that 2 weeks ago it detected some unusual activity within portions of the LastPass development environment:

We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally. 

In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.  

Based on what we have learned and implemented, we are evaluating further mitigation techniques to strengthen our environment. We have included a brief FAQ below of what we anticipate will be the most pressing initial questions and concerns from you. We will continue to update you with the transparency you deserve.  

Karim Toubba, CEO LastPass 

The full security advisory emailed to LastPass customers can be read below.

LastPass is one of the largest password management companies in the world, claiming to be used by over 33 million people and 100,000 businesses.
