Password manager LastPass has been hacked

The CEO of password-manager company LastPass Karim Toubba said Thursday that it was recently hacked, but the company sees no evidence the incident exposed any customer data or passwords.

The software allows users to store their passwords for various accounts and websites in a "vault" that can be unlocked with a singular master password, also providing customers with auto-generated passwords designed to be hard to guess.

As detailed by LastPass, an unauthorized third party gained access to the developer environment through a compromised developer account. While some proprietary source code and other proprietary info was stolen, LastPass has clarified that no sensitive user info, such as master passwords, encrypted account passwords, or account information, was taken by the attacker.

Toubba said the company became aware of the hack after observing unusual activity two weeks ago. LastPass said its software is designed so that the company can never know or gain access to customers' master passwords.

"Our investigation has shown no evidence of any unauthorized access to encrypted vault data," the company wrote on a frequently asked questions page. "Our zero knowledge model ensures that only the customer has access to decrypt vault data."

Read more -here-

• Dropbox breach exposes customer credentials, authentication data
• Google: Passkey authentications top 1 billion across 400 million accounts
• FTC fines Razer for misrepresenting COVID masks as N95s
• FCC fines Verizon, AT&T other major carriers nearly $200 million for sharing customer data
• Federal regulators accuse Amazon executives of deleting messages
• FCC restores net neutrality rules