For your online safety, it is recommended that you use a different password for each platform you visit. In practice, this means memorizing more than 10 different passwords, which has led to the rise of password managers, both those built into browsers and the standalone products offered by third-party vendors.
LastPass is one of the third-party password managers and is incredibly popular. However, being popular also means having a target on your back, as LastPass has learnt with its development environment coming under attack in the past week.
Karim Toubba, the company’s CEO, says that they uncovered a breach in which bad actors gained access to portions of LastPass’s source code and technical information through a single compromised developer account.
He does not provide more information regarding the attack. However, he explains that the company has started an investigation, which is still underway, and has already deployed countermeasures to ensure the attack is not repeated. LastPass has also procured the services of a cybersecurity firm to prevent such events in the future.
Karim Toubba adds that the company’s services are operating as usual, since customer data and the encrypted password vaults remain unaffected by the breach. LastPass says that users have no reason to take any action at this point in time.
However, this is not the first time LastPass has suffered from such an attack. In late 2021, the correct master passwords were used in attempts to log into several customer accounts. These attempts were not successful, since the logins were made from unusual geographical locations and triggered red flags.
These kinds of attacks and breaches bring into question the safety of LastPass, which claims more than 20 million customers. Now that the source code is out in the wild, it might only be a matter of time before the attackers come back with more information about how the platform works.
If you are a LastPass user, this might be a good time to leave and look for alternatives in the market. Google Chrome’s built-in password manager, for instance, has similar features for free, while Bitwarden is also free if you want another third-party option.