One of the benefits of a password manager is that it can help you create strong passwords and store them so you don’t have to bother to memorize them. The downside to this is that you’re entrusting all your passwords to a single entity, and one data breach could result in all your passwords being stolen.
This is kind of a nightmare scenario for anyone using password managers, and unfortunately it looks like something similar has happened to LastPass, one of the more popular password managers available today.
In a blog post by the company’s CEO Karim Toubba, the company has confirmed that they have suffered a security breach a couple of weeks ago. According to Toubba, LastPass confirmed that an unauthorized party managed to gain access to portions of the platform’s development environment via a compromised developer account and managed to steal bits of source code and proprietary technical information.
Toubba does reassure users that while a security breach happened, no customer data or encrypted passwords were stolen, meaning that as far as users are concerned, their passwords are still safe. Toubba adds:
“In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.”
At this point in time, users won’t have to do anything on their end since none of their passwords were compromised, but perhaps as a precaution, you should consider setting up two-factor authentication for your LastPass account if you haven’t done so already.