What is LastPass and What Data Breach Occurred in LastPass?
LastPass Data Breach: LastPass is a popular password management software which is used by more than 33 million users around the globe. On Thursday, 25th August 2022, it was reported by LastPass that there had been a security breach and data was hacked.
The official statement released by the CEO of LastPass, Karim Toubba, mentioned that "portions of source code and some proprietary LastPass technical information." were stolen during the security breach.
We recently detected unusual activity within portions of the LastPass development environment and have initiated an investigation and deployed containment measures. We have no evidence that this involved any access to customer data. More info: https://t.co/cV8atRsv6d pic.twitter.com/HtPLvK0uEC— LastPass (@LastPass) August 25, 2022
In this story, we will be covering what LastPass is, what data was breached in LastPass and if users need to worry about the data breach.
What is LastPass?
LastPass is an award-winning password manager that helps you secure your login credentials securely without the need to remember passwords for most online activities.
It is used by more than 33 million users worldwide to safely store their passwords for online transactions.
However, a recent report released by LastPass confirmed that a hacker had breached their data.
What Data was Breached?
As per the reports, the data breach occurred on one of the development servers of LastPass; the breach happened when one of the developer accounts was compromised. The hacker has stolen a portion of the source code.
LastPass was quick to recognise the threat and has taken protective measures to control the same.
The statement released by the company read, “After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults,”.
Is Your Data Secure?
LastPass operates on a zero-knowledge security model, making it practically impossible for someone to access the master password or the data stored in the vault.
The company uses AES-256 encryption and PBKDF2 hashing, which helps in keeping your master password private.