LastPass is one of the largest password management software titles on the market. It was founded by GoTo in 2008 and was bought by LogMeIn, Inc. in 2015. LastPass has been the subject of conversation for years due to the frequency of its breaches. Now they've had another.
This breach was said to have occurred to gain access to developmental parts of the software. LastPass has said that while the hacker attempted to access the customer data and information, their system controls and designs kept the actor from reaching anything sensitive.
This breach resulted from a hacker gaining access to parts of a LastPass developer account. LastPass CEO, Karim Toubba, said, "Our investigation revealed that the threat actor's activity was limited to a four-day period in August 2022. During this timeframe, the LastPass security team detected the threat actor's activity and then contained the incident."
The breach occurred in mid-August 2022.
LastPass has stated that there is no proof that the actor accessed any customer information or passwords. That said, it would be highly unrealistic to presume that the hacker didn't touch any sensitive information; why else would you hack a password site?
LastPass has released no numbers regarding the accessed files at the time of writing. They have confirmed that the numbers of accessed files were low, and they expect minimal customer interruption. Read more about the LastPass breach at LastPass Source Code Targeted by Hackers.