There was unauthorized access to the development environment from the provider of the password manager LastPass. Customer data should not be at risk.
Unknown attackers were able to gain access to LastPass servers and copy internal data. The incident is said to have taken place two weeks ago.
No access to master passwords
LastPass, the provider of the password manager of the same name, now comments on the incident in a blog post. The authors of the article assure that the attackers had no access to personal customer data. Master passwords and data in users’ encrypted password vaults should not be affected.
LastPass indicates that a development environment was accessed. The attackers are said to have copied the source code and technical information. The attacks are said to have come from a compromised developer account. It is not yet clear how the account was accessed.
The investigations are still ongoing. There is currently no evidence that the attackers are still in the system. The LastPass service is said not to have been restricted by the attack at any time.