LastPass confirms attackers stole some source code
Earlier this week, LastPass started notifying its users of a “recent security incident” where an “unauthorized party” used a compromised developer account to access parts of its password manager’s source code and “some proprietary LastPass technical information.” In a letter to its users, the company’s CEO Karim Toubba explains that its investigation hasn’t turned up evidence that any user data or encrypted passwords were accessed.
Toubba continues on to explain that the company has “implemented additional enhanced security measures” after containing the breach, which it detected two weeks ago. The company wouldn’t comment on how long the breach had been going on before it was detected.
As LastPass explains,…