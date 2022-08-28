At best deals,

Password managers are a great way to protect against leaks and hacking. But these tools can also be attacked. O LastPassone of the most famous managers, had parts of his source code and yours technical information stolen after a break-in, the company revealed on Thursday (25).

LastPass for Android (Image: Emerson Alecrim/Tecnoblog)

According to Karim Toubba, CEO of the company, an unusual activity was detected in the development environment two weeks ago. This activity was made possible through a compromised developer account.

Through it, an unauthorized agent was able to take parts of the source code and “proprietary technical information from LastPass”.

The company says there is no evidence of unauthorized access to consumer data or encrypted password vaults.

Still, the company says it has taken containment and mitigation measures and implemented additional security measures, seeing no further evidence of unauthorized activity. A cybersecurity firm hired by LastPass has launched an investigation.

In the statement, the company included frequently asked questions from users. She says that the master passwords were not compromised as they are not stored by her. Currently, customers do not need to take any additional security measures.

The website BleepingComputer says its report was made aware of the break-in last week—sources reportedly said officials were struggling to contain the attack. At the time, LastPass did not respond to the post’s questions.

LastPass has already suffered other attacks

This isn’t the first cybersecurity episode involving LastPass. In December 2021, the company was targeted by a credential stuffing attack.

This name is given to actions where bad actors take passwords that have been leaked from other services and try to use them on a specific website to see what works.

The service’s master passwords were also stolen using the RedLine malware, which steals credentials saved in browsers such as Chrome, Edge, and Opera.

In 2019, a vulnerability was discovered in the app that revealed passwords used on previously visited pages. In 2015, the company also suffered an attack and had to ask users to change their passwords.

