LastPass, one of the world’s largest password managers, has confirmed that it has been hacked. The company revealed that threat actors stole some of the company’s source code and some proprietary LastPass technical information.
It was also stated that there is no evidence yet that this incident involved any access to customer data or encrypted password vaults. An unauthorized person has been found to gain access to parts of the LastPass development environment through a single compromised developer account.
The company said it has implemented containment and mitigation measures in response and has agreed with leading cybersecurity and forensics firm. The investigation into the incident continues.
LastPass stores passwords in ‘encrypted vaults’ that are only decrypted using a customer’s master password. That’s why it’s essential that you enable multi-factor authentication on your LastPass accounts so that even if the password is compromised, threat actors cannot access your account.