The IT Nerd

A year ago, LastPass appeared to have been pwned by hackers. But the company denied it and that really clouded the issue. Personally I think they were pwned. But there’s no smoking gun to speak of. However as of this morning, I can say that LastPass has absolutely been pwned by hackers last week:

Earlier this week, LastPass started notifying its users of a “recent security incident” where an “unauthorized party” used a compromised developer account to access parts of its password manager’s source code and “some proprietary LastPass technical information.” In a letter to its users, the company’s CEO Karim Toubba explains that its investigation hasn’t turned up evidence that any user data or encrypted passwords were accessed.

Toubba continues on to explain that the company has “implemented additional enhanced security measures” after containing the breach, which it detected two weeks ago. The company wouldn’t comment on how long the breach had been going on before it was detected.

Well, this is not a good look for a company that is responsible for securing your passwords. And while grabbing source code doesn’t mean that everyone is in deep trouble immediately, it may mean potential problems for LastPass down the road.

This is a story that is worth keeping an eye on.

This entry was posted on August 29, 2022 at 9:06 am and is filed under Commentary with tags LastPass. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.