SECURITY
SECURITY
SECURITY
LastPass source code stolen by hackers in security breach
An intruder breached the internal systems of the cloud-based password manager LastPass and stole internal documents as well as the source code for the service, the company revealed in a statement on Thursday.
“Two weeks ago, we detected some unusual activity within portions of the LastPass development environment,” said Karim Toubba, chief executive of LastPass. “After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.”
An unknown attacker broke into a single developer account and gained limited access to the company’s source code, Toubba said. From there the individual also stole blueprints for proprietary technical information as well.
LastPass is one of the largest password management services available for users and is said to support more than 30 million users and 85,000 businesses. A significant portion of its revenue comes from businesses that pay for its services to support millions of internet users who subscribe to the service for free.
The service allows users to generate random passwords and secures them online in encrypted password vaults that are protected by a single master password. The technology that allows it to do this is what is called a “zero knowledge security” model, password data can be unencrypted only with the user’s master password. That means even LastPass is unaware of the password data stored on its own system.
Toubba explained that users’ master passwords were not affected, nor were the encrypted password vaults. The entire incident occurred in the LastPass development environment. “In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm,” Toubba said.
The company said the team has since completely contained the breach and implemented additional security. The attack began and ended two weeks ago and with the enhanced security there have been no further incidents, Toubba added.
This is not the first time that LastPass has been hacked. In 2015, the company suffered a security breach where attackers stole user email addresses, password reminders and authentication hashes. Although the company said at the time that master passwords were not affected, it asked customers to reset their passwords.
Image: Unsplash
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
