Password storage platforms make it easier to log in to websites and applications that require membership. LastPass, one of the popular password storage platforms, was hacked recently.
Hackers, who accessed the account of a developer working on the LastPass platform, stole the software’s source code and some technical information. Underlining that the process will be carried out with transparency, the company cleared the question marks in its blog post.
LastPass hacked: Are our passwords safe?
LastPass announced that users’ master passwords could not be compromised. “We never store or know about your Master Password. We use the industry standard Zero Knowledge architecture, which ensures that LastPass never knows or accesses our customers’ Master Password.” statements were included.
Stating that the research process is continuing, the company emphasized that users do not have access to password storage areas. The company explained that only customers have access to decrypt their password storage.
Experts warned! Delete these Android apps now
What are dangerous apps for Android? The latest report of security researchers drew attention to these apps in the Play Store.
According to the company’s claim, there was no personal data breach. Stating that customers can continue to use the platform safely, LastPass will inform again when the forensic analysis is concluded.
So how was LastPass hacked? The statement made by Karim Toubba, the CEO of the company, is as follows:
To all LastPass Customers,
I’d like to inform you about a development that we think is important to us to share with our LastPass business and consumer community.
Two weeks ago, we detected unusual activity in parts of the LastPass development environment. After immediately launching an investigation, we saw no evidence that this incident involved any access to customer data or encrypted password segments.
We’ve determined that an unauthorized party has gained access to parts of the LastPass development environment through a single compromised developer account, and has obtained portions of the source code and some proprietary LastPass technical information. Our products and services are operating normally.
In response to the incident, we implemented containment and mitigation measures. We signed with a leading cybersecurity and forensics firm. As our investigation continues, we have reached a state of containment, implemented additional enhanced security measures, and have found no further evidence of unauthorized activity.
Based on what we have learned and applied, we are evaluating further mitigation techniques to strengthen our environment. Below we have included a short FAQ that we anticipate will be your most pressing questions and concerns. We will keep updating you with the transparency you deserve.
Thank you for your patience, understanding and support.
What do you think about this subject? You can share your ideas in the comments section and on the SDN Forum.