Popular password manager LastPass issued a statement yesterday that it had suffered a breach. Two weeks ago, an unauthorised party gained access to and stole source code and other proprietary information from the company.
Before you rush to switch to a different service, the company says, “we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.” Also, it was two weeks ago. If they did get to your passwords, it’d already be too late.
Who goes there?
In a statement issued by the company on Tuesday, it revealed that the unauthorised party gained access to its developer environment. That would be the software that LastPass employees use to develop the program and accompanying app. This was possible through a compromised developer account. But all the hacker(s) made off with was some source code and “proprietary LastPass technical information.”
The company says it immediately started an internal investigation to assess the extent of the breach. It then contacted a leading (but unnamed) cybersecurity and forensics firm.
“While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.”
Read More: Shoprite was hacked – and the information is for sale on the dark web
If you are a LastPass user and have some questions regarding the breach the company has put together a list of answers to Frequently Asked Questions it thinks you might have.
Password managers, in case they’re still foreign to you (they really shouldn’t be), are designed to replace your diary or note-taking app. Wherever you store all your passwords and sensitive information. Except, in this case, everything you store is encrypted and, theoretically, safe from prying eyes. Unless someone is peering over your shoulder, that is.