LastPass has been hacked, and the password management security company has hired a cybersecurity and forensics firm to assist the data breach, the firm disclosed.
The LastPass cybersecurity incident disclosure and associated FAQ mentioned:
- The company detected "unusual activity" within portions of its development environment in mid-August 2022.
- There is no evidence that the incident involved access to customer data or encrypted password vaults.
- The hacker gained access to portions of the LastPass development environment though a compromised developer account.
- Some LastPass source code and technical information was taken.
- The company has achieved a "state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.
LastPass Business Focus, Customer Reach, MSP Partnerships
LastPass provides password and identity management solutions to more than 33 million users. More than 100,000 businesses leverage the company's password management software. The company, based in Boston, Massachusetts, has 454 employees listed on LinkedIn.
This is the second LastPass security incidence in the past year or so. The company previously confirmed a credential stuffing attack, SC Media reported in January 2022.
LastPass has promoted its software to MSPs at various times, but the company's partner program page currently redirects to the GoTo website. LastPass has been owned by GoTo (formerly LogMeIn), though a LastPass company spin-out is planned. We're checking on the status of that spin-out.