LastPass reports security breach, no passwords taken

Password manager LastPass fell prey to a security breach on Thursday. According to the reports, the violation did not result in any alarming consequences except for the loss of some technical information. The customers have nothing to worry about as the company has assured them that data and encrypted password vaults are safe and free from threats. The news about the breach was made public by LastPass CEO Karim Toubba through a blog post that stated that the company detected some unusual activity across some of its developer systems. Read along to know more about the security breach.


The What and Why

The security breach was reported on Thursday following the detection of some unusual activity in developer systems. Apparently, a compromised developer’s account acted as the window for the hack. According to the reports from the company, none of the data or encrypted password vaults were accessed by the hackers. However, some of the technical information of the company was stolen.

Toubba’s assurance that there had been no breaches of customer information was a relief for the customers. The CEO underscored that their “products and services are operating normally.” As of 2020, LastPass has a customer strength of about 25 million.

To alleviate the worries of the customers, LastPass through a list of FAQs assured that the users’ Master Password was not compromised or hacked since the company has no knowledge about the Master Password nor does it store the users’ Master Password. The company also added that the customers’ encrypted vault data and private information were absolutely safe and were not accessed by hackers.

“Containment and mitigation” measures are being carried out by the company and it has also enlisted the services of a cybersecurity firm to enhance the investigation with regards to the security breach. According to Karim Toubba, “While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.” He also stated that further measures were being taken to “strengthen our environment” and avoid future threats.

This is not the first time that the company is falling prey to a security breach. It was hacked in the year 2015 which resulted in the email addresses, encrypted master passwords and reminder words of users being hacked.