Hi Guys,
The company behind the LastPass password manager was hacked into last week, and the hackers took a massive chunk of their source code, including blueprints for the LastPass application itself.
In a statement, the CEO of LastPass said:
“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.”
The good news, for now, is that they say no customer data or encrypted passwords were accessed in the breach. The bad news is that the hackers still have the source code, which means, depending on how much they have, they can work out how LastPass works and how it is secured, and then look for ways to circumvent the security controls in place. Why would they hack into the system to steal source code unless they had a plan for the source code? What is the goal?
If you are a user of LastPass, are you happy to know that the blueprints for the software you use to guard your most precious digital assets (your passwords) are out in the wild now being scrutinized by very smart people with a plan?
Remember that this is not the first time LastPass has had security problems. As reported by The Register, in 2019 they fixed a bug that websites could exploit to steal passwords for accounts on other sites, and they also had a severe password-leaking flaw in 2017.
I will keep you posted.
All the best,
Max Roberts,
Incognito Privacy Care Team