kras99 - stock.adobe.com
Password manager LastPass disclosed a data breach Thursday that involved the compromise of some "proprietary LastPass technical information."
LastPass CEO Karim Toubba authored the disclosure posted to the company's website. He wrote that the company first detected unusual activity two weeks ago within portions of the LastPass development environment.
Following an initial investigation, LastPass determined that an "unauthorized party" gained access by compromising a developer account. The actor then stole "portions of source code" and proprietary technical information. The password management vendor said it found no evidence that customer data or encrypted password vaults had been compromised and claimed its services are operating normally.
Toubba said LastPass will introduce further mitigation techniques in addition to its initial response.
"In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm," he wrote. "While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity."
Because no user data was apparently compromised, LastPass did not recommend any actions for customers to take beyond following standard password management best practices.
TechTarget Editorial requested additional details from LastPass about the attack, but the company declined to comment beyond a statement that restated details from the blog post.
Alexander Culafi is a writer, journalist and podcaster based in Boston.