LastPass is the world’s most popular password manager. It generates and stores multiple hard-to-crack, auto-generated passwords for its user’s individual accounts (Like Netflix and Gmail), without the need to manually enter credentials.
The breach appears to have been with the development servers, facilitated by a compromise of a LastPass developer account, and took place two weeks ago. Incident responders have contained the breach, and LastPass says there is no evidence of further malicious activity.
LastPass said in a blog post, “in response to the incident, we have deployed containment and mitigation measures and engaged leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.” LastPass also claimed that their investigation found source code and technical info were stolen but there is no indication any passwords were taken as part of the breach and users shouldn’t have to take action to secure their accounts.
Using a password manager is generally a good way to keep your accounts and information safe. But password managers are not bulletproof either. For more information about password best practices and creating and using secure passwords, watch out latest PASSWORD SAFETY TRAINING.
If you have questions, contact us for more information about our services or schedule a consultation with one of our Security Experts.