Earlier this week, LastPass started notifying its users of a recent security incident where an "unauthorized party" used a compromised developer account to access parts of its password manager's source code. In a letter to its users, the company's CEO explains that it hasn't found evidence that user data or passwords were accessed.
The company has implemented additional enhanced security measures after detecting the breach, Toubba says. The company wouldn't say how long the breach had been going on.
Don’t panic, LastPass users
There is no reason for you to change your password or do a full security audit at this time. LastPass still has to determine whether it needs to make any changes now that an unauthorized party may have access to its source code.
Access to a program's source code doesn't immediately mean that a hacker can break through its defenses. Microsoft says that it doesn't rely on its source code remaining private for security and that it shouldn't be a problem if people can read it. If I were a LastPass customer, I would want the company to be looking over its code to make sure there weren't any vulnerabilities that it missed.
Even though the company doesn't seem to have a lot of security problems, the incident is still not a good look for a password manager. The company earned the ire of many users for changing its free tier to be less useful in early 2021.