Attackers steal LastPass Source Code After Compromising Developer Account

LastPass has released a security advisory confirming a breach via a compromised developer account that attackers used to gain access to the company’s developer environment.

Upon gaining access, the attacker stole the company’s source code and proprietary technical information.

“In response to the incident, we have developed containment and mitigation measures and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures and saw no further evidence of unauthorized activity,” the LastPass advisory states.

LastPass has yet to provide details about the attack, including how the threat actors compromised the developer account and which source code was stolen.

However, the company said that passwords were not compromised during the cyberattack although the company stores passwords in ‘encrypted vaults’ that can only be decrypted with a customer’s master password.

An earlier hack in 2021 allowed attackers to confirm the user’s master password. This means that it is now important for users to enable multi-factor authentication on their LastPass accounts, which will help prevent threat actors from accessing their accounts even if their data is compromised.

IT World Canada Staff
IT World Canada Staff
The online resource for Canadian Information Technology professionals.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

ITW in your inbox

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

More Best of The Web