If recently we saw how a well-known platform, Plex, communicated to its users that there had been a breach in its security system. Now it’s LastPass ‘s turn. Although, this time it is something more different. Basically, because we are dealing with a program that is responsible for managing all the keys that we have been saving. For what could have been worse, as large data of many users could have been compromised.
It has been through their own website, through an official statement on their blog, where they have wanted to announce the notice of the recent security incident that they discovered two weeks ago. However, they have not wanted to report on this before having more information about it. Since, at the time of discovering the security breach, they did not know the scope that it could have had.
What happened
As we mentioned before, from the program’s own statement, known for being a password manager, they made it clear that two weeks ago they detected unusual activity in different parts of the usual LastPass development environment. At that time, they began to carry out an investigation to see if this intrusion by cybercriminals put users at risk, that is, if they had managed to get hold of important information such as passwords.
After this time, until a few hours ago, they concluded that “third parties” had access to different parts of the LastPass development environment, and it was all through a single developer account. In this way, they managed to take parts of the source code and certain technical information that is proprietary to the program. And, despite this big mishap, all its products and services continue to function normally. But what about the passwords of users using LastPass?
Do you have to worry?
Best of all, despite the security breach in LastPass, users have not been affected as reported since their official statement: ” This incident did not compromise your master password .” In any case, the company has taken action on the matter and has already implemented additional security measures. In addition, they are already evaluating more mitigation techniques with the aim of strengthening the cybersecurity environment.
However, the investigation into this LastPass security incident is still ongoing. And while the company has notified its users that there is currently no evidence that this case involved access to their data or encrypted password vaults, we are encouraged to follow their practices to properly set up LastPass. As is the case with using a master key or setting up authentication .
At the moment it is clear that, based on their own research, the Zero Knowledge architecture, which ensures that LastPass can never know or gain access to the master password of its customers, has been of great help. In any case, it is up to us to change the password to stay calmer and, above all, enable two-step authentication.
