Two weeks ago, LastPass, which develops the password manager of the same name, which is used by more than 33 million people around the world, was hacked by unknown attackers. Hackers managed to steal LastPass source codes and proprietary technical information.
Bleeping Computer journalists report that they learned about this attack from insiders last week, but an attempt to contact the company and find out the details did not lead to anything. The publication’s own sources say that LastPass employees tried their best to contain the attack and prevent the compromise from spreading after the hack.
Now the fact of the attack has finally been officially confirmed: LastPass has published a statement in which she spoke about the incident.
The company said that hackers gained access to the development environment by compromising the account of one of the employees. While LastPass says it has found no evidence of compromise of customer data and encrypted password vaults, it has been confirmed that the attackers were able to steal parts of the source code and “proprietary technical information.”
“While our investigation is ongoing, we have reached a state of containment, implemented additional enhanced security measures, and currently do not see any additional evidence of unauthorized activity,” the company says, noting that third-party cybercriminals have already been involved in the investigation of what happened.
Citing an ongoing investigation, the company did not provide any further details about the attack, how the attackers compromised the developer’s account, or exactly what source code was stolen.