Password management solution LastPass has been breached. The good news is that no customer data, including Master Passwords, was compromised.
The password management solution alerted customers to the breach via email early this morning.
“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. We have no evidence that this incident involved any access to customer data or encrypted password vaults. Our products and services are operating normally,” LastPass told customers.
The breach then appears limited to LastPass’ development environment. This, the firm says, is thanks to its Zero Knowledge architecture which insures that LastPass never has access to a user’s Master Password or the data in their Vault.
“In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity,” LastPass chief executive officer, Karim Toubba wrote in a blog post.
While LastPass users don’t have to take any action, it can’t hurt to update your Master Password. You may also want to check that your LastPass is setup correctly using this guide.
The firm said it would provide more updates as necessary.