LastPass discloses data breach

LastPass CEO Karim Toubba said no customer data or password details were compromised, and the company does not recommend an immediate course of action to users.

Password manager LastPass disclosed a data breach Thursday that involved the compromise of some "proprietary LastPass technical information."

LastPass CEO Karim Toubba authored the disclosure posted to the company's website. He wrote that the company first detected unusual activity two weeks ago within portions of the LastPass development environment.

Following an initial investigation, LastPass determined that an "unauthorized party" gained access by compromising a developer account. The actor then stole "portions of source code" and proprietary technical information. The password management vendor said it found no evidence that customer data or encrypted password vaults had been compromised and claimed its services are operating normally.

Toubba said LastPass will introduce further mitigation techniques in addition to its initial response.

"In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm," he wrote. "While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity."

Because no user data was apparently compromised, LastPass did not recommend any actions for customers to take beyond following standard password management best practices.

TechTarget Editorial requested additional details from LastPass about the attack, but the company declined to comment beyond a statement that restated details from the blog post.

Alexander Culafi is a writer, journalist and podcaster based in Boston.
