A hacker stole source code and proprietary information from LastPass after breaking into its systems.
Users shouldn't have to take action to secure their accounts because the company doesn't believe passwords were taken as part of the incident.
The developer environment is the software that employees use to build and maintain the product. The company said that the perpetrators gained access through a compromised developer's account.
We recently detected unusual activity within portions of the LastPass development environment and have initiated an investigation and deployed containment measures. We have no evidence that this involved any access to customer data. More info: https://t.co/cV8atRsv6d pic.twitter.com/HtPLvK0uEC
— LastPass (@LastPass) August 25, 2022
A company that creates and stores hard-to-crack, auto-generated passwords for multiple accounts on behalf of its users was attacked. State Farm is listed as a customer on the website.
Two weeks ago, Bleeping Computer asked LastPass about the incident.
Allan Liska, an analyst on the computer security incident response team at Recorded Future, said he was impressed with the LastPass notification.
It can take a while for incident response teams to assess and report on a situation. It looks like it isn't client-impacting at the moment.
LastPass didn't reply to a request for more information.
There was a rumour on social media that the keys to password vaults could be accessed by hackers after they stole source code.
Liska said that it was unlikely that the criminals would be able to get into customer passwords.