LastPass Was Hacked and Lost Source Code Because of It

If you're among LastPass's 33 million customers, don't worry: All user account data remained secure despite the breach.
Adam Rowe

Password management company LastPass has just disclosed a data breach. It was hacked two weeks ago, and attackers made off with source code as well as some of LastPass's proprietary technical information.

Data breaches are nothing new for any company, but given LastPass's entire business model hinges on keeping passwords safe and secure, falling victim to a hack is a bad look.

However, in this case, there's a silver lining: The breach hasn't exposed anything that could lead to any account passwords or vaults being compromised. It's a pain for the company, but your data will remain safe.

What to Know About the LastPass Hack

The advisory from LastPass says that the breach started when a developer's user account was compromised two weeks earlier.

The account was then used to hack the LastPass developer systems, giving the bad actors access to some source code and company information, though not to the user data of the platform's 33 million customers.

“In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.” -Karim Toubba, CEO at LastPass

The company is also “evaluating further mitigation techniques,” Toubba said in the announcement.

LastPass might have preferred to wait a while longer before announcing the breach. According to BleepingComputer, insiders leaked news of the breach to journalists last week, who then contacted LastPass with questions that went unanswered until their public announcement.

Can Password Managers Really Keep You Safe?

The fact that no user data was leaked is a definite upside to this incident, but it's not reassuring to consider that a bad actor now has access to an unspecified amount of LastPass's source code.

Still, password managers are safer on the whole than trying to keep all your passwords in your head, a habit that inevitably leads to re-using passwords or picking easy-to-crack options just because they'll stick in your memory. In fact, one recent survey of IT leaders found a massive 84% think that passwords are “deceptively weak.”

Until we move past passwords altogether for our online security needs, we'd recommend a password management tool. Our researchers found LastPass offered the best software at the lowest price, but other top options to consider include 1Password and Dashlane.


Adam is a writer at Tech.co and has worked as a tech writer, blogger and copy editor for more than a decade. He's also a Forbes Contributor on the publishing industry, for which he was named a Digital Book World 2018 award finalist. His work has appeared in publications including Popular Mechanics and IDG Connect, and he has an art history book on 1970s sci-fi coming out from Abrams Books in 2022. In the meantime, he's hunting down the latest news on VPNs, POS systems, and the future of tech.
