Source Code Stolen After Hackers Breach the LastPass Developer System

  • Home
  • Blog
  • Source Code Stolen After Hackers Breach the LastPass Developer System
Source Code Stolen After Hackers Breach the LastPass Developer System

Introduced in 2008, LastPass has long been a staple among cybersecurity tools as it is one of the best password managers available. It provides multi-factor authentication, works across multiple networks and browsers, and is very simple to use for people.

Over 33 million people are using the well-known password manager LastPass worldwide. However, recently a hacker infiltrated its systems and took proprietary data and source code. The information was made public by BleepingComputer.

Users were informed of the incident via email from the company. LastPass also assured the user that their passcodes and other confidential material were safe even after the attack.

The Incident

With this incident raised many questions about whether the user credentials belonging to one of the hugest password management companies in the industry have been threatened or not.

According to sources cited by BleepingComputer that staff members rushed to contain the attack after its occurrence. Following reports of the attack, LastPass lately issued a security advisory confirming it. The advisory also stated that cyber attackers used a vulnerable developer account to access the company. 

During the previous year, LastPass experienced two data breaches. Using a technique known as “credential stuffing,” hackers attempted to access some LastPass users’ private vaults in December. User passwords are stored in encrypted vaults that require the user’s master password to unlock.

Do Users Need to be Concerned about their Passwords?

CEO of the company Karim Toubba confirmed the news in a blog post. He made it a point to state that user information was secure and that the unauthorized person did not obtain passwords or access user vaults.

No personal information taken is, in fact, a good sign. Although, source code and confidential information theft could cause main issues and encourage more intrusion attempts. LastPass has appointed a “best cybersecurity and forensics firm,” indicating that it is well aware of this risk.

According to LastPass, even though its investigation is currently underway, the hacking attempt did not affect any of the saved passwords or other data of customers. However, LastPass did not provide any detail regarding the mitigation strategies to build up its environment.

How to Prevent in the Future?

Many people keep their passwords the same for years or even forever, which can be risky. LastPass recommends changing all the same passwords that you use for multiple accounts. The hackers who gain access to your ID and password of one account can go for your other accounts too.

Another thing you can do is to get two-factor authentication. A hacker who was able to obtain your password cannot access your account using the data stolen from LastPass if you have two-factor authentication. The seeding information required for second factors has likely been kept safe by LastPass.


Rogue Logics provides in-depth security services for the assessment and protection of your application, data, and infrastructure against potential threats on-prem or in the cloud. Want a consultation with the professionals at Rogue Logics? Contact us and get a free quote.