Security News > 2022 > August > LastPass breach: Source code, proprietary tech info stolen
"An unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information," the makers of the popular password manager LastPass announced on Thursday, but reassured users that the Master Passwords securing their password vaults are safe.
LastPass says that they detected the breach two weeks ago, but that they haven't discovered evidence of the attacker gaining access to customer data in their production environment or encrypted password vaults.
"This incident did not compromise your Master Password. We never store or have knowledge of your Master Password. We utilize an industry standard Zero Knowledge architecture that ensures LastPass can never know or gain access to our customers' Master Password," the company added.
The company is sending out emails to notify users of the breach, but is not requiring them to change their Master Password.
These practices involve keeping devices updates, using strong, unique passwords, and setting up multifactor authentication for additional security.
It's impossible to predict how the stolen source code and technical information will end up being used by attackers.