According to the operator, neither passwords were compromised nor user data viewed during the break-in into the servers of the password manager provider.
According to LastPass, a password manager provider, there was a breach in their server systems in August. The attackers are said to have had access to the internal development system and copied technical information and source code from there. Lastpass suspected that the attackers did not copy passwords or even have access to user data, but wanted to investigate further.
No danger for user data
In an update to the first blog entry, LastPass CEO Karim Toubba announced that the investigation was complete. The attacker or attackers had access to the systems for a total of four days; later access can be ruled out. The attack was carried out via a compromised developer account. However, the design of the LastPass server is said to have prevented access to user data, and the passwords are also stored in encrypted form.
According to Toubba, LastPass also examined the source code and found no evidence of malicious code being injected.