
LastPass, one of the most popular third-party password managers, is warning all users of a “security incident” that the team is actively investigating. In a blog post on Wednesday, the company assured users that “passwords remain securely encrypted.”
“We have determined that an unauthorized party, using information obtained during the August 2022 incident, gained access to certain elements of our customers’ information,” LastPass CEO Karim Toubba wrote. “As part of our efforts, we continue to deploy enhanced security controls and monitoring capabilities across our infrastructure to help detect and prevent further threat actor activity.”
The breach is related to an incident in August where “an unauthorized party accessed portions of the LastPass development environment through a single compromised developer account and took portions of the source code and certain technical information from LastPass.” At the time, LastPass said there was “no evidence of any unauthorized access to customer data in our production environment.”
Now LastPass says the unauthorized party has gained access to “certain elements of our customers’ information.” Toubba does not elaborate on what those elements are or how many users are affected. LastPass creates Mac and iOS apps and is very popular among Apple users.
LastPass said it was working with the cybersecurity firm Mandiant to investigate the incident and confirmed it had notified police of the attack.
While passwords seem secure, it’s not a bad idea to change your master password if you use LastPass. And be sure to monitor all your accounts for suspicious activity until we know more.
We have advice on choosing a strong password in a separate article.