Skip to main content

Hackers stole LastPass source code in data breach incident

Today, LastPass confirmed a data breach in a blog post describing the incident to its customers that rely on the company’s products for online security. The company emphasized that customer data was not stolen in the breach, however, and that users do not have to do anything to secure their data.

In a post written by CEO Karim Toubba, LastPass stated the following:

Recommended Videos

“Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.”

Please enable Javascript to view this content

The breach occurred through a compromised developer’s account, and the unauthorized party made off with portions of the company’s source code and proprietary LastPass technical information.

We recently detected unusual activity within portions of the LastPass development environment and have initiated an investigation and deployed containment measures. We have no evidence that this involved any access to customer data. More info: https://t.co/cV8atRsv6d pic.twitter.com/HtPLvK0uEC

— LastPass (@LastPass) August 25, 2022

Toubba emphasized that user information was safe and that the unauthorized party did not compromise any passwords or access user vaults.

While it’s comforting to know that no data was stolen at this time, the stolen source code and proprietary information could be a significant issue and contribute to later breach attempts. LastPass seems to be aware of this possibility, as Toubba adds later that the company has hired a “leading cybersecurity and forensics firm.”

This is the second data issue LastPass has experienced in the last year. In December, some LastPass users were subjected to a “credential stuffing attack” by hackers attempting to access personal vaults. According to the company, no one’s accounts were compromised in the attack.

LastPass says it will update customers as the company learns more about what happened.

The breach a few weeks ago occurred in the development environment, so no consumer’s passwords were at risk. User passwords are hidden in encrypted vaults that can only be accessed by the user’s master password. LastPass is largely considered one of the best password managers around.

Caleb Clark
Former Digital Trends Contributor
Caleb Clark is a full-time writer that primarily covers consumer tech and gaming. He also writes frequently on Medium about…
I tested two of the best password managers, and there’s a clear difference
A side-by-side comparison of Dashlane and Bitwarden pricing appears on a PC monitor.

Looking for a new password manager? While there are plenty of solutions to choose from, Dashlane and Bitwarden are among the best. I’ve reviewed both and can help you decide which is the best fit for your particular needs.
Tiers and pricing
A side-by-side comparison of pricing for Dashlane and Bitwarden. Digital Trends

If you want a free password manager, Bitwarden is the clear winner since it offers a full-featured solution with no arbitrary restrictions. Dashlane’s free version is more like an unlimited trial since it’s limited to a maximum of 25 logins.

Read more
Best LastPass alternatives for 2024
A digital security lock.

Whether you're security-conscious or have a terrible memory, using a password manager is a great way to free up brain space and secure your most important information. Unfortunately, LastPass -- once one of the best password managers -- has had several security incidents over the years, making customers look to other options.

This list of both free and paid password managers are solid replacements for LastPass.
Best LastPass alternatives

Read more
Is LastPass safe? Here’s what we know about its security history
LastPass website on a laptop.

LastPass has been in the news quite a bit over the past decade. Following some data breaches and security incidents, you may be wondering if it’s now safe to use the well-known password manager -- whether you’re a previous, current, or potential LastPass user.

Let’s take a look at LastPass’ current features and security measures along with the previous incidents.
What is LastPass?

Read more