From CNET: LastPass says cybercriminals breached its systems and stole part of its source code, but that no customer passwords were compromised in the incident.
In a Thursday notice to customers, the popular password manager says it started investigating about two weeks ago after it detected some "unusual activity" within parts of its developer environment. It later determined that someone had gained unauthorized access to that environment through a compromised developer account and taken parts of its source code and other proprietary technical data.
"After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults," LastPass CEO Karim Toubba wrote in the customer notice.
LastPass says it's taken measures to contain and stop the breach, as well as brought in an outside cybersecurity company to investigate. While its investigation is ongoing, the company says it hasn't seen any further evidence of intruders.
View: Full Article