LastPass Confirmed They Have Been Involved In A Data Breach
LastPass started notifying their users of a recent security incident where an “unauthorized party” gained access.
The malicious hacker used a compromised developer account to gain access to parts of the password manager’s source code and some proprietary LastPass technical information.
In a letter to LastPass users, the company’s CEO Karim Toubba explains that its investigation hasn’t turned up evidence that any user data or encrypted passwords were accessed.
Toubba goes on to explain that the company has implemented additional enhanced security measures after containing the breach. The company wouldn’t comment on how long the breach had been going on before it was detected.
The rate at which companies are experiencing cyber security breaches is alarming, and the damage can be severe if you don’t have an incident response plan in place.
LastPass explains that, at this point, its users don’t have to do anything; there’s no reason for you to spend an afternoon changing your master password and doing a full security audit.
On the other hand, LastPass has its work cut out for it, making sure it doesn’t have to make any changes now that an unauthorized party may have access to its source code.
To be clear, hackers having access to a program’s source code doesn’t mean they can instantly pwn it and break through its defenses.
Famously, Microsoft says it doesn’t rely on its source code remaining private for security and says that people being able to read it shouldn’t be a risk (which is a good thing because its source code leaks a lot).
That should be the case for any company, especially ones like LastPass, whose entire deal is keeping your passwords safe.
Pros:
- Several business-oriented products available
- Best-in-class admin controls
- End-to-end encryption of all data
Cons:
- Expensive
- Cyber Security Issues
The company needs to be going over its code just to make sure there aren’t any subtle vulnerabilities that were missed so something like this doesn’t happen again.
Despite the fact that the breach doesn’t seem to be a red alert for security problems at the company, it’s not a great look for a password manager that’s been struggling with its reputation.
This is just the latest in a line of incidents for LastPass; its Wikipedia page is largely composed of a section titled “security issues.”
Hackers may not be after customer data alone; they may also breach a company’s cyber security measures in order to steal other important information.
Cyber attacks are an ever-growing threat for businesses of all sizes, and criminals’ methods are only becoming more sophisticated. There are steps you can take to help you stay ahead of the curve, be cyber smart, and better prepare your security strategy.