LastPass Hack Confirmed: No Credentials Stolen

Share the joy

LastPass was hacked but no user data and master passwords were compromised.

With 25 Million Users 

LastPass is one of the most popular password managers. It has over 25 million users. But on August 25, the company stated that hackers stole a portion of its source code. It also confirmed that some of its technical information was hacked. 

The Network Breach 

It does not believe that any password was taken. Thus, it did not recommend users take action to secure their accounts. 

The investigation revealed that there was an unauthorized party that cracked into its developer environment. It is the software the employees are utilizing to build and maintain the product. 

But the hackers gained access through one compromised developer’s account. 

LastPass generates and stores auto-generated, difficult-to-hack passwords for various accounts such as Netflix and Gmail. The accounts don’t need users to manually enter their credentials. 

On its website, it lists State Farms and Yelp Inc as customers. 

Two weeks ago, Bleeping Computer reported that it asked LastPass about the hack. Although two weeks would seem like a long time to some people, it is understandable considering that it takes a lot of time to assess and report the situation. 

LastPass continues to investigate the hack. It will take more time for it to fully determine the extent of the damage as a result of the breach. For now, though, it seems that it does not impact its clients. 

However, many speculated that hackers might have access to the keys to password vaults after the app’s source code was stolen. 

This is not the first time that LastPass experienced a breach in its system. Last year, it sent email warnings to many of its users after their master passwords had been breached. 

The hack allowed someone to use the passwords to log into their accounts from unknown devices or locations. 

The recent hacking incident suggests that no technology is safe from hacking. Computer security experts recommend enabling multi-factor authentication so that the bad actors can’t access your account even if your password has been compromised. 

Should you still use password managers? Despite this hacking incident, password managers are still your safer bet when it comes to managing your passwords. 

Traditional Passwords No Longer Secure 

Hackers have developed various methods to steal credentials and gain access to private accounts. Microsoft engineers admitted that most of the compromise incidents could have been prevented with the use of multi-factor authentication (MFA). 

With MFA, users need to provide at least two identity verification before they could access their account online. There are three major types of MFA. 

The first one is the use of passwords or PINs. The second type is the use of a physical object. The third is a biometric verification, such as your fingerprint, voice recognition, or retina scan. 

Most websites now include two-factor authentication (2FA) to verify a user’s access attempt. But the MFA offers a stronger solution but it is difficult to implement. MFA solutions are inexpensive. Most state laws have already required organizations to provide robust authentication processes if they are handling sensitive data.

Share the joy

Author: Jane Danes

Jane has a lifelong passion for writing. As a blogger, she loves writing breaking technology news and top headlines about gadgets, content marketing and online entrepreneurship and all things about social media. She also has a slight addiction to pizza and coffee.

Share This Post On