• LastPass CEO Karim Toubba says no personal data or encrypted passwords were compromised.
• The corporation wouldn’t say how long the incident went undetected.
• It’s the latest mishap for LastPass, which angered many customers by making its free tier less functional in 2021.

Earlier this week, LastPass began warning users of a “recent security incident” in which an “unauthorised person” accessed its password manager’s source code and “some proprietary LastPass technical information.” In a letter to users, CEO Karim Toubba said no personal data or encrypted passwords were obtained.

Toubba said the corporation “implemented additional enhanced security measures” after containing the two-week-old intrusion. The corporation wouldn’t say how long the incident went undetected.

LastPass users don’t need to change their master password or perform a security audit, the company said. LastPass may have to make adjustments after an unauthorised person accessed its source code.

Having a program’s source code doesn’t mean hackers can immediately pwn it, breaking its protections. Microsoft famously asserts that people reading its source code shouldn’t be a security problem.

Even if the breach doesn’t seem to indicate security issues within the organisation, it’s not a good picture for a password manager with a poor reputation. It’s the latest mishap for LastPass, and the business also angered many customers by making its free tier less functional in early 2021.

[embedpost slug = “/google-duo-returns-but-partially/”]