LastPass, one the best! Most popular third-party password manager, is warning all users of a “security incident” that its team is actively investigating. In a blog post on Wednesday, the company assured users that “passwords remain safely encrypted”.
“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information,” wrote Karim Toubba, LastPass CEO. “As part of our efforts, we continue to deploy enhanced security measures and monitoring capabilities across our infrastructure to help detect and prevent further threat actor activity.”
The breach is related to an August incident in which “an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.” At the time, LastPass said there was “no evidence of any unauthorized access to customer data in our production environment.”
Now, LastPass says the unauthorized party was able to gain access to “certain elements of our customers’ information.” Toubba doesn’t elaborate on what those elements are or how many users were affected. LastPass is a popular Apple app that can be downloaded on iOS and Mac.
Lastpass stated that it collaborated with Mandiant cybersecurity firm to investigate the incident. It also confirmed that it had notified law enforcement about the attack.
While passwords appear to be safe, it’s not a bad idea to change your master password if you use LastPass. Until we find out more, keep an eye on your accounts for suspicious activity.
We offer advice Selecting a strong passwordIn a separate article.