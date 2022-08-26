One of the leading password management software on the market, LastPass, has been hacked. He was recognized a few hours ago by his CEO, Karim Toubba, explaining that he or the cyberattackers had been made with “portions of LastPass proprietary source code and technical information”.





“Upon launching an immediate investigation, we have found no evidence that this incident involved any access to customer data.”

However, what they have found evidence of is the origin of the intrusion. Apparently, “unusual activity in some parts of the development environment” of your platform took place two weeks ago, as a result of a third party access “via a single compromised developer account”.

According to the company, its “products and services work normally” and its 33 million registered users (100,000 of them paid, and the rest free) they do not have to take any extra measures to protect their accounts for now.

How to use mnemonics to create and remember complex and strong passwords

And now?

Nevertheless, in the medium termthis leak constitutes a clear threat to the security of user data, since stolen technical information could give attackers clues to vulnerabilities —previously detected the number— of the platform.

In fact, this is the second cybersecurity incident related to LastPass in the last 8 monthss: Last December several of its users received alerts of login attempts using compromised master passwords.

You have to go back 7 years to find a precedent as serious as it is now: in June 2015, LastPass reported an intrusion into the company’s internal network that forced it to require its users to change their master passwords as soon as possible.

So that our recommendation is to apply a healthy dose of extra paranoia, and change your LastPass Master Password just in case. And even assess the possibility of betting on a new password manager… for example, an open source one, in which the theft of the source code does not constitute a setback.

Via | LastPass