Password manager LastPass reports breach, says no credentials stolen

By Thomson Reuters Aug 26, 2022 | 12:26 PM

WASHINGTON (Reuters) – Popular digital password manager LastPass said that hackers recently stole parts of the company’s source code and other sensitive data.

The company’s chief executive said in a blog post its users’ passwords were unaffected.

“Our investigation has shown no evidence of any unauthorized access to customer data in our production environment,” CEO Karim Toubba said in the post, which was published Thursday.

LastPass, which counts more than 25 million users, works by aggregating the hundreds of passwords consumers and corporate users need to log in to their social media accounts, business networks, online retailers and more.

Security professionals routinely recommend using a unique, complex password for each and every website a person visits, so password managers like LastPass play an increasingly important role in keeping people’s data safe online.

Compromising such a company’s master password — the password that protects the rest of a user’s credentials — has always been a nightmare scenario.

That isn’t what happened here, Toubba said.

“This incident did not compromise your Master Password,” his post said. The company advised users that no action was needed.

Few other details about the breach were revealed. The company said the hack occurred two weeks prior and that a cybersecurity firm had been hired to investigate. The company did not immediately respond to a follow-up message.

(Reporting by Raphael Satter; Editing by Kirsten Donovan)