Password manager LastPass, which offers a free trial, said that they saw odd activity on their platform in August.
Karim Toubba, the company’s CEO, published a notification in a blog entry on LastPass’s official community page. The report claims that one compromised developer account allowed an unauthorised entity to access LastPass’s components of the development environment.
In addition, the blog post stated that the attacker obtained some of the company’s sensitive technical knowledge and bits of source code, but added that encrypted passwords and customer data were not compromised.
While its security investigation is still ongoing, the company asserts that it has implemented containment and mitigation measures and has hired a reputable cybersecurity and forensic firm.
While this is going on, all of its goods and services are fully functional, and it has strengthened security measures.
While this is going on, the company’s goods and services are fully functional, and to strengthen the cybersecurity environment, it has strengthened security procedures and is looking into alternative mitigating options.
LastPass concluded by informing its clients that no master passwords had been compromised and asserting that it never maintains or has access to its clients’ master passwords. In this regard, it should be noted that the organisation employs an industry-standard Zero Knowledge design to ensure that.