About two weeks ago, LastPass started notifying its users of a “recent security incident” where an “unauthorized party” used a compromised developer account to access parts of its password manager’s source code and “some proprietary LastPass technical information.”
In a letter to its users, the company’s CEO Karim Toubba explains that its investigation hasn’t turned up evidence that any user data or encrypted passwords were accessed.
Toubba continues on to explain that the company has “implemented additional enhanced security measures” after containing the breach. The company wouldn’t comment on how long the breach had been going on before it was detected.
As LastPass explains, at this point its users don’t have to do anything, there’s no reason for you to spend an afternoon changing your master password and doing a full security audit.
On the other hand, LastPass probably has its work cut out for them, making sure they don’t have to make any changes now that an unauthorized party may have access to its source code.
To be clear, hackers having access to a program’s source code doesn’t immediately mean they can instantly pwn it, breaking through its defenses.
Famously, Microsoft says it doesn’t rely on its source code remaining private for security and says that people being able to read it shouldn’t be a risk (which is a good thing because its source code leaks a lot).
While that should be the case for any company, especially ones like LastPass whose entire deal is keeping your passwords safe.
If I were a LastPass customer, I’d want the company to be poring over its code just to make sure there aren’t any subtle vulnerabilities that were missed.
Despite the fact that the breach doesn’t seem to be a red alert for security problems at the company, it’s still not a great look for a password manager that’s been struggling with its reputation.
The company got backlash from many of its users for changing its free tier to be significantly less useful in early 2021.
Consider us your technical ninjas, your trusted partner to maximize your information technology and long-term success.
Our custom IT services and solutions help businesses modernize processes, accelerate efficient workflows, strengthen security, defend data, and increase profitability.
It’s our job to help you stay ahead of the curve.
Without proper information technology operations and contingency plans in place, you could be left to deal with catastrophic consequences.
Take control over your IT before something bad happens, Schedule a FREE Technical Assessment with us today!
We’ll come onsite to assess your current technology environment to find any issues that are costing your business in order to provide you with the best technical solutions customized for you.