One of the biggest password managers manages to get hacked

LastPass, one of the largest freemium cloud-based password managers with more than 25 million users, has been hacked. The hackers made off with "portions of source code," according to an announcement by the company itself. The good news is that no user information or passwords were at risk. 

In a blog post (via sweclockers), LastPass revealed today that it was exposed to a data breach two weeks ago. The company "detected some unusual activity within portions of the LastPass development environment," which resulted in the theft of proprietary data. A compromised developer account is to blame for the breach. Fingers crossed they weren't using 'password' or '12345' or this is going to get embarrassing for someone.

As far as users' personal information and passwords are concerned, there's no evidence of customer data or account master passwords being accessed, according to LastPass. 

Users' encrypted vault data also appears not to have been affected. LastPass says the whole incident took place in its "developer environment," which means that it never touched any of the encrypted vault data.

In addition to passwords, LastPass users can also store digital copies of personal records like ID and insurance cards in a vault in the cloud. The premium version of the service gives you access to this vault across multiple devices.

"In response to the incident, we have deployed containment and mitigation measures and engaged a leading cybersecurity and forensics firm," wrote Karim Toubba, CEO of LastPass. "While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity."

Last year, LastPass suffered a credential stuffing attack, where hackers attempted to access users' cloud-hosted password vaults. In 2015, LastPass told its customers to change their master passwords after a data breach occurred where hackers managed to steal some user data (but no passwords).

If you're a LastPass user, the company says there's no action you need to take right now. However, LastPass does recommend that you set up authentication via the LastPass Authenticator app and make sure you keep all your devices up to date.

Jorge Jimenez
Hardware writer, Human Pop-Tart
