LastPass, a password manager which has 25 million users, has confirmed that its source code was stolen during a data breach.
Karim Toubba, CEO of LastPass, explained that the breach was discovered after noticing some suspicious activity within the LastPass development environment two weeks ago. A third party gained unauthorized access to the environment through a compromised developer account. This third party then took “some proprietary LastPass technical information” and “portions of source code”.
LastPass has taken measures while an investigation into the breach is ongoing, including “achieving a state of containment [and] implementing additional enhanced security”, and has reported that no further evidence of unauthorized access to the developer environment has been found.
The company also said it was investigating further mitigation techniques to prevent future breaches and had “engaged a leading cybersecurity and forensics firm” in the investigation into the breach.
LastPass has confirmed that no passwords, master passwords or personal data or information were compromised during the breach.