This week LastPass has begun to inform users of an “recent security incident” in which an “unauthorised person” accessed its password manager’s source code, as well as “some proprietary LastPass technical information.” In an email to its users CEO Karim Toubba stated that the company did not have any personal information or passwords encrypted were accessed.
Toubba said that the corporation “implemented additional enhanced security measures” after the two-week old attack. The company wouldn’t disclose how long it took for the incident to go unnoticed.
LastPass users do not need for a change in their primary passwords or conduct a security audit according to the company. LastPass might need to alter its settings following an unauthorized access to their source code.
The fact that a program’s source code is available does not mean that hackers are able to immediately attack it, thereby breaking its security. Microsoft is famously claiming that anyone looking at its source code won’t be a security risk.
Although the incident does not appear to be a sign of security concerns within the company this isn’t a great image for a password management system with a poor image. This is the latest saga for LastPass and the company has also irritated its users with its free service lower in 2021.