One of the biggest password managers manages to get hacked

News
By published

LastPass says no customer data or master passwords were compromised in the breach.

Hacker hacking things.
(Image credit: Getty images - boonchai wedmakawand)

LastPass, one of the largest freemium cloud-based password managers with more than 25 million users, has been hacked. The hackers made off with "portions of source code," according to an announcement by the company itself. The good news is that no user information or passwords were at risk. 

In a blog post (via sweclockers), LastPass revealed today that it was exposed to a data breach two weeks ago. The company "detected some unusual activity within portions of the LastPass development environment," which resulted in the theft of proprietary data. A compromised developer account is to blame for the breach. Fingers crossed they weren't using 'password' or '12345' or this is going to get embarrassing for someone.

As far as users' personal information and passwords are concerned, there's no evidence of customer data or account master passwords being accessed, according to LastPass. 

Users' Encrypted vault data also seems to have not been affected. LastPass says the whole incident took place in its "developer environment," which means that it went nowhere near touching any of the encrypted vault data. 

In addition to passwords, LastPass users can also store digital copies of personal records like ID and insurance cards in a vault in the cloud. The premium version of the services gives you access to this vault across multiple devices.

Your next machine

(Image credit: Future)

Best gaming PC: The top pre-built machines from the pros
Best gaming laptop: Perfect notebooks for mobile gaming

"In response to the incident, we have deployed containment and mitigation measures and engaged a leading cybersecurity and forensics firm," wrote Karim Toubba, CEO of LastPass. "While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity."

Last year, LastPass suffered a credential stuffing attack, where hackers attempted to access users' cloud-hosted password vaults. In 2015, LastPass told its customers to change their master passwords after a data breach occurred where hackers managed to steal some user data (but no passwords). 

If you're a LastPass user, the company says there's no action you need to take right now. However, LastPass does recommend that you set up authentication via the LastPass Authenticator app and make sure you keep all your devices up to date.

Jorge Jimenez
Jorge Jimenez
Hardware writer, Human Pop-Tart

Jorge is a hardware writer from the enchanted lands of New Jersey. When he's not filling the office with the smell of Pop-Tarts, he's reviewing all sorts of gaming hardware, from laptops with the latest mobile GPUs to gaming chairs with built-in back massagers. He's been covering games and tech for over ten years and has written for Dualshockers, WCCFtech, Tom's Guide, and a bunch of other places on the world wide web. 

Read more
Kinzie, in an FBI jacket, uses a computer with the logo of the Third Street Saints on it
Have I Been Pwned adds over 284 million compromised passwords from latest breach
A Path of Exile 2 sorceress casting flaming skulls in a hellish landscape
'We are incredibly sorry': Path of Exile 2 devs apologise for data breach that saw 66 accounts snatched and personal info potentially stolen
Path of Exile 2 early access class key art
Around 66 accounts in Path of Exile 2 were compromised, due to a one-two punch of an old unused Steam account and a backend bug
Mister Fantastic giving a thumbs up
A Marvel Rivals player has uncovered 'one of the most dangerous vulnerabilities a game can have' that'll let cheaters take over your PC and find your passwords
Hacker
$1.5 billion crypto heist could be the biggest yet, more than doubling the previous record, but don't worry: The affected firm says it can take the hit
An image of a fake Bitcoin with a laptop in the background displaying financial data
North Korean hackers are said to have stolen $1,300,000,000 in crypto in 2024, an estimated 61% of the total funds swiped this year
Latest in Hardware
A pink GameSir Nova Lite, and a purple 8BitDo Ultimate 2C float in a teal void.
Hall effect controllers are so cheap now I’ve got a deal for you AND your player two
Peely from Fortnite with banana-fied Wolverine claws.
Fortnite comes to Snapdragon: Epic Games announces upcoming Arm support for its Easy Anti-Cheat software
Texas Instruments MSPM0C1104 tiny chip
World's smallest microcontroller looks like I could easily accidentally inhale it but packs a genuine 32-bit Arm CPU
Varjo Aero
Varjo Aero VR headsets seem to be not working on RTX 5090s, and its community is opting for strange solutions while waiting for an Nvidia driver release to fix it
A pasta "display" on a table showing the word "keep" surrounded by fruit. Obviously.
Penne for your thoughts: This pasta display can show three individual frames and it's trying its best, okay
Intel engineers inspect a lithography machine
Finally some good vibes from Intel as stock jumps 15% on new CEO hire and Arizona fab celebrates 'Eagle has landed' moment for its 18A node
Latest in News
A woman with an arcane slingshot uses it to light a distant fire
Deconstructeam's next game is about training to shoot a single fireball at an impossible target
assassin's creed shadow naoe
We asked two parkour athletes to rate the realism of Assassin's Creed's acrobatics, and a surprising 'crime against parkour' might actually be one of the most realistic things they saw
Mechs fight on the outside of a spaceship
MechWarrior 5: Clans is getting DLC with playable Elementals and a fight on the outside of a spaceship
Aloy - Horizon
'I feel worried about this art form:' Unsurprisingly, the real Aloy from Horizon isn't a fan of AI Aloy
Crying laughing emoji with disturbing realistic elements for REPO
REPO's first update will add a new map and a 'duck bucket' so we can finally give that pesky quacker a time out
Man facing camera
The Day Before studio reportedly sues Russian website for calling infamous disaster-game a 'scam'
More about hardware
Varjo Aero

Varjo Aero VR headsets seem to be not working on RTX 5090s, and its community is opting for strange solutions while waiting for an Nvidia driver release to fix it
A pink GameSir Nova Lite, and a purple 8BitDo Ultimate 2C float in a teal void.

Hall effect controllers are so cheap now I’ve got a deal for you AND your player two
Wordle answers

Today's Wordle answer for Monday, March 17
See more latest
Most Popular
Wordle answers
Today's Wordle answer for Monday, March 17
A woman with an arcane slingshot uses it to light a distant fire
Deconstructeam's next game is about training to shoot a single fireball at an impossible target
assassin's creed shadow naoe
We asked two parkour athletes to rate the realism of Assassin's Creed's acrobatics, and a surprising 'crime against parkour' might actually be one of the most realistic things they saw
Mechs fight on the outside of a spaceship
MechWarrior 5: Clans is getting DLC with playable Elementals and a fight on the outside of a spaceship
Aloy - Horizon
'I feel worried about this art form:' Unsurprisingly, the real Aloy from Horizon isn't a fan of AI Aloy
Crying laughing emoji with disturbing realistic elements for REPO
REPO's first update will add a new map and a 'duck bucket' so we can finally give that pesky quacker a time out
Wordle today being played on a phone
Today's Wordle answer for Sunday, March 16
Man facing camera
The Day Before studio reportedly sues Russian website for calling infamous disaster-game a 'scam'
Battlefield 1
The best Battlefield game of the last decade is 95% off until Thursday
Fields of Mistria
The hottest farming sim since Stardew Valley just got its second major update, adding lava caves and pets you unlock by having a 'pet dream'