The source code of the password management application 'LastPass' is stolen

Part of the source code of the password management app LastPass has been stolen by attackers. LastPass developers say they have found no evidence of user passwords being stolen.

Notice of Recent Security Incident - The LastPass Blog
https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/

LastPass developer systems hacked to steal source code
https://www.bleepingcomputer.com/news/security/lastpass-developer-systems-hacked-to-steal-source-code/

According to the official announcement, in August 2022, abnormal behavior was detected in the LastPass development environment. As a result of the investigation into the anomalous behavior, although no history of access to user data or encrypted passwords was found, it was found that part of the source code and part of the technical information had been illegally obtained via the developer account. It turns out.

In response to the fact that part of the source code was stolen, LastPass said that it worked with a cyber security company to strengthen security. It also claims that the LastPass service is up and running.

LastPass has published the following Q&A to address user concerns.

Q: Were user passwords or master passwords compromised?
A: No. No access to user passwords was observed in this incident. We also do not store user passwords.

Q: Has the user's environment been compromised?
A: No. In this case, the LastPass development environment was compromised. Our investigation found no evidence of unauthorized access to encrypted data.

Q: Was the user's personal information compromised?
No. Our research did not confirm access to user data in a production environment.

Q: How can I protect my data?
No action is recommended at this time. As always, we encourage you to follow our best practices with LastPass.

Q: How can I get more information?
We keep our users transparent and up-to-date.

In addition, Bleeping Computer, a security-related media, said that it had received information from LastPass officials that 'the source code was compromised' before the announcement by LastPass. Bleeping Computer sent a question to LastPass about the security breach on August 21, 2022, but did not receive a response. A response has been received along with the official statement issued on August 25, 2022.