Over 33 million users use LastPass, a password manager, worldwide. LastPass reported that a hacker recently acquired source code and confidential data. According to the inquiry, there is no proof of stolen credentials.

On Thursday, in a blog post, the business does not think any passwords were obtained as part of the breach. Customers should not take any action to secure their accounts.

As per an inquiry, an “unauthorized entity” gained access to its developer environment, which is the software the staff members create and maintain the LastPass product.

According to the company, the criminals were able to enter the system by using a single compromised developer’s account.

The attacked organization automatically creates and saves difficult-to-crack passwords for a variety of services.

The services include Netflix and Gmail, on behalf of its users. On its website, LastPass cites Patagonia, Yelp Inc., and State Farm as clients.

The cybersecurity blog Bleeping Computer questioned LastPass two weeks ago about the hack.

The “speedy notification” from LastPass impressed Allan Liska, an expert with the cybersecurity firm Recorded Future’s Computer Security Incident Response Team.

The incident response teams can thoroughly evaluate and report on a situation taking over two weeks of time. “It will take some time to accurately assess the scope of any harm that may have resulted from the incident. The clients do not influence right now.

 A request for additional comment from LastPass did not immediately receive a response.

On social media, there was suspicion that after stealing source code and confidential material, hackers might be able to get their hands on the passwords to password vaults.

Last Pass suffered a similar incident in January 2022.

Reference