World’s Most Popular Password Manager ‘LastPass’ Gets Hacked

LastPass is the most famous password manager platform which is used by 3.3 crore people around the world. But it got hacked & its source code got stolen.

More than 33 million users use LastPass, a password manager, worldwide. LastPass reported that a hacker recently entered its servers and stole sensitive data and source code.

As stated in a blog post on Thursday, the company doesn’t think any passwords were stolen as a result of the breach, and users shouldn’t need to take any steps to safeguard their accounts.

According to an inquiry, a “unauthorized entity” gained access to its developer platform, which is the software used by staff members to create and maintain the LastPass product. 

According to the company, the criminals were able to enter the system by using a single compromised developer’s account.

The organization that was attacked is one that automatically creates and saves difficult-to-crack passwords for a variety of services, including Netflix and Gmail, on behalf of its users. On its website, LastPass cites Patagonia, Yelp Inc., and State Farm as clients.

According to the cybersecurity blog Bleeping Computer, it questioned LastPass two weeks ago about the hack.

We recently detected unusual activity within portions of the LastPass development environment and have initiated an investigation and deployed containment measures. We have no evidence that this involved any access to customer data. More info: https://t.co/cV8atRsv6d pic.twitter.com/HtPLvK0uEC

— LastPass (@LastPass) August 25, 2022

The “speedy notification” from LastPass impressed Allan Liska, an expert with cybersecurity firm Recorded Future’s Computer Security Incident Response Team.

While two weeks can seem like a lengthy time to some, incident response teams might take some time to thoroughly evaluate and report on a situation.

“It will take some time to accurately assess the scope of any harm that may have resulted from the incident. It doesn’t seem to be having an influence on clients right now, though.

A request for additional comment from LastPass did not immediately receive a response.

On social media, there was suspicion that after theft of source code and confidential material, hackers might be able to get their hands on the passwords to password vaults.