It’s not really a good thing to hear that the company managing your passwords was hacked. It’s like hearing that the bank you put your life’s savings in was robbed. The CEO of the company, Karim Toubba, sent a letter to all of its customers about the incident and summed up what happened.
Lastpass was hacked through a developer account
In the letter to its customers, the company pointed out some interesting points. The break happened about two weeks ago. As a result, LastPass employed a “leading cybersecurity and forensics firm” to help clean up the mess. We don’t know what firm, however. From the looks of it, a bad actor was able to break into LastPass through a compromised developer account. Being a developer, they, ostensibly, had some high-level access to the company’s files. So, it makes sense that the attacker was able to use that account as a point of ingress.
Should you be worried?
Based on the letter, Toubba assured its users that the attacker was able to steal portions of the source code for the company along with some proprietary technical information. While this isn’t great, Toubba said that the company doesn’t expect that any user data was taken. While the letter says this, this is still an ongoing investigation. At this point, the company could still be gathering information about the attack, so you’ll want to keep an eye on what’s going on. Stay on the lookout for any more updates from the company. Even if the letter doesn’t point to any user data being stolen, it might be a wise idea to change your login information for your LastPass account.
