Hi Guys,

Password manager LastPass has been hacked again, and this time the hackers have been able to access customer information. Officials from the company confirmed yesterday that unknown attackers breached its cloud storage using information stolen during a previous security incident from August 2022. Please see below my tip from August explaining how hackers broke in and stole their source code. At the time, we wondered what hackers would do with the source code, and now we know. It has been used in this breach.

If you are one of the many millions of people who use LastPass:

  • Change your master password.
  • Make sure you are running the latest versions of their software.
  • If I were you, I would also look for a replacement. They have been hacked too many times. They cannot be trusted.
  • Contact us if you are worried.

All the best,

Max Roberts,
Incognito Privacy Care Team

_____ Previous tip from August 2022 _____

Hi Guys,

The company behind the LastPass password manager was hacked into last week, and the hackers took a massive chunk of their source code, including blueprints for the LastPass application itself.

In a statement, the CEO of LastPass said:

“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.”

The good news, for now, is that they say no customer data or encrypted passwords were accessed in the breach. The bad news is that the hackers still have the source code, which means, depending on how much they have, they can work out how LastPass works and how it is secured to circumvent the security controls in place. Why would they hack into the system to steal source code unless they had a plan for the source code? What is the goal?

If you are a user of LastPass, are you happy to know that the blueprints for the software you use to guard your most precious digital assets (your passwords) are out in the wild now being scrutinized by very smart people with a plan?

Remember that this is not the first time LastPass has had security problems. As reported by The Register, in 2019, they fixed a bug that websites could exploit to steal passwords for accounts on other sites, and they also had a severe password-leaking flaw in 2017.

I will keep you posted.

All the best,

Max Roberts,
Incognito Privacy Care Team