“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information,” CEO Karim Toubba wrote in a letter to customers.
LastPass’s CEO announced on Thursday that the company had just been hacked, but there is no proof that any client information or passwords were revealed.
Toubba claimed that after noticing some strange behaviour two weeks ago, the business learned about the attack.
The software also gives users access to automatically created passwords that are difficult to guess. Users can store their passwords for numerous accounts and websites in a “vault” that can be accessed with a single master password.
“Our investigation has shown no evidence of any unauthorized access to encrypted vault data,” the company wrote on a frequently asked questions page. “Our zero knowledge model ensures that only the customer has access to decrypt vault data.”
According to LastPass, their software is made in a way that prevents the firm from ever knowing or having access to its users’ master passwords.
According to the business, all of its products are functioning correctly, and in the wake of the event, LastPass is collaborating with a cybersecurity and forensics firm.