LastPass, a freemium password manager with a user base of more than 33 million people across the globe, stores user passwords in encrypted format. It recently revealed, via a blog post that a hacker broke into the system and stole its source code and proprietary information.
The company explained that an “unauthorized party” broke into its developer environment, which is the software used to build and maintain LastPass’s product by its employees. It further confirmed that the hackers gained access to its system via a single compromised developer’s account
However, the company refused to believe that any passwords were accessed or stolen by the hacker via this breach.
An analyst on the Computer Security Incident Response Team at cybersecurity company Recorded Future, Allan Liska said that the “speedy notification” from LastPass impressed him. He added that two weeks may seem like a time long enough to revert but he affirmed that incidents like these can take a while for the concerned company’s response team to fully analyse and furnish a report on the situation. “It will take time to fully determine the extent of any damage that may have been as a result of the breach. However, for now, it appears to not be client-impacting.”
There are speculations all over the internet that hackers might as well get access to the user passwords via the stolen source code and proprietary information. Liska claimed that it is unlikely that the stolen source code and proprietary information will give the hackers access to user passwords.
LastPass however has not given any further comments on the same.