Password management company LastPass disclosed a data breach in which an attacker obtained some portions of its source code.
The breach occurred through a single compromised developer account. In response to the incident, the company has deployed containment and mitigation measures and is implementing additional enhanced security measures.
Users’ master passwords are safe
“This incident did not compromise your Master Password. We never store or have knowledge of your Master Password. We utilize an industry-standard Zero Knowledge architecture that ensures LastPass can never know or gain access to our customers’ Master Password. You can read about the technical implementation of Zero Knowledge here,” said the company.
According to the investigation, there is no evidence of unauthorized access to encrypted vault data or customer data in the company’s production environment.
No user action needed at this point
According to the LastPass FAQ about the incident, no action is necessary on the part of users or administrators. It is advised that best practices for setup and configuration are followed.