LastPass, the Boston-based cloud security password and identity management solutions provider confirms it has detected unusual activity within portions of its development environment.
No customer data or encrypted password vaults were compromised, according to the company.
The unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some of the company’s proprietary technical information.
Following the discovery of the incident, LastPass has engaged a cyber security and forensic firm to help mitigate. The investigation is currently ongoing.
All LastPass products and services are operating normally, says the company.
“While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity,” said Karim Toubba, CEO of LastPass in a blog post.
We recently detected unusual activity within portions of the LastPass development environment and have initiated an investigation and deployed containment measures. We have no evidence that this involved any access to customer data. More info: https://t.co/cV8atRsv6d pic.twitter.com/HtPLvK0uEC
— LastPass (@LastPass) August 25, 2022
LastPass reassures master passwords have not been compromised since the incident occurred in the developer environment. The investigation has shown no evidence of any unauthorized access to encrypted bulk data.
LastPass utilizes a zero-knowledge model to ensures that only customers have access to decrypt vault data. The company also affirms that no evidence of any unauthorized access to customer data in the production environment was compromised.
LastPass does not have any recommended actions on behalf of users and administrators, however, they do note to follow best practices around setup and configuration of LastPass.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply