Password management company LastPass has just disclosed a data breach. It was hacked two weeks ago, and attackers made off with source code as well as some of LastPass's proprietary technical information.
Data breaches are nothing new for any company, but given LastPass's entire business model hinges on keeping passwords safe and secure, falling victim to a hack is a bad look.
However, in this case, there's a silver lining: The breach hasn't resulted in anything that could result in any account passwords or vaults being compromised. It's a pain for the company, but your data will remain safe.
What to Know About the LastPass Hack
The advisory from LastPass says that the breach started when a developer's user account was compromised two weeks earlier.
The account was then used to hack the LastPass developer systems, giving the bad acros access to some source code and company information, though not to the user data of the platform's 33 million customers.
“In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.” -Karim Toubba, CEO at LastPass
The company is also “evaluating further mitigation techniques,” Toubba said in the announcement.
LastPass might have preferred to wait a while longer before announcing the breach. According to BleepingComputer, insiders leaked news of the breach to journalists last week, who then contacted LastPass with questions that went unanswered until their public announcement.
Can Password Managers Really Keep You Safe?
The fact that no user data was leaked is a definite upside to this incident, but it's not reassuring to consider that a bad actor now has access to an unspecified amount of LastPass's source code.
Still, password managers are safer on the whole than trying to keep all your passwords in your head, a habit that inevitable leads to re-using passwords or picking easy-to-crack options just because they'll stick in your memory. In fact, one recent survey of IT leaders found a massive 84% think that passwords are “deceptively weak.”
Until we move past passwords altogether for our online security needs, we'd recommend a password management tool. Our researchers found LastPass offered the best software at the lowest price, but other top options to consider include 1Password and Dashlane.