Last week, popular password manager LastPass confirmed part of its source code and technical details were stolen as a result of a security breach.
The company said it detected unauthorized access to its systems, although there is no evidence that attackers gained access to customer passwords. The statement confirmed that in early August, LastPass detected unusual activity within portions of its development environment:
“We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.”
Source: LastPass Statement
What does this mean for LastPass users?
The company says there was no access to customer data or encrypted password vaults. However, they have deployed containment and mitigation measures, and implemented additional enhanced security controls. No action is required from users, although a common best practice upon these types of security incidents is to change the master password.
As for the theft of source code, attackers could use it or sell it for others to discover vulnerabilities in the system more easily.
LastPass is a popular password manager, used by more than 33 million people to store login credentials to different services and online accounts in one place, and also to create unique and strong passwords. Password managers are a highly recommended tool as they help avoid account takeover and weak or reused passwords.
The problem with passwords
The simple alphanumeric password that acts as gatekeeper to our personal accounts is the same one that protects enterprise businesses’ servers. And passwords are only as strong as we make them.
Unfortunately, though, most employees–76% of Americans, according to research we conducted in 2022–never change their passwords, or only do so when forced to. And 63% craft them with the bare minimum security requirements.
These users may be your employees, or those who work at your third party vendor companies. One common password, either easily cracked or used repeatedly across multiple sites, could be the entryway for malicious actors into your supply chain and company’s data.
This is why password managers, storing strong and unique passwords, are the essential measure to protect your accounts. While the news of LastPass being attacked may be disconcerting, it shouldn’t detract from the benefits of using a password manager. Organizations looking to double down on their security can choose from a variety of solutions, with some even being directly integrated into full-featured security solutions.
On that note, adding an extra layer of security in the form of multi-factor authentication (MFA) is also a highly recommended best practice. It helps protect accounts from being accessed by an unauthorized third party that may have been able to discover, for example, a single password.
If you want to learn more about password usage trends and how to protect your network from exposed credentials, download this strategy guide.
Protect your network from exposed credentials
Our survey found that 76% of users change their passwords only when they have to. Are your vendors enforcing security standards that keep your business safe?
Get the latest research on password usage and learn how to protect credentials across your supply chain.
