Hackers stole LastPass’s source code, but users are unaffected for now

Memorizing your login credentials for every online platform in today’s internet-enabled world can become a chore really fast. It created a market for Single Sign-On (SSO) authentication,password management featuresin popular browsers like Google Chrome, and third-party password managers. One of the most popular options among the latter is LastPass, and it is in cyber criminals' crosshairs. A recent breach compromised the company’s development environment. It was detected two weeks ago, but we are only learning of it now.

LastPass CEO Karim Toubba says the companyuncovered a breachwhere bad actors gained access to portions of the company’s source code and proprietary technical information through a single compromised developer account. As a boilerplate response, the company started an investigation (which is still underway) and deployed mitigation measures. It also sought the services of an unnamed cybersecurity firm to prevent such events in the future.

4

The company says LastPass services continue to operate normally and customer data as well as encrypted password vaults remain unaffected by the breach. The company adds that users don’t need to take any remedial action at this point.

We couldn’t help but notice this isn’t LastPass’ first encounter with bad actors. The company’s servers recordedsuspicious activityin December 2021 where the correct master passwords were used to attempt logging into several customer accounts. LastPass flagged and denied the attempts because of their unusual geographic location and, just like this time, maintained that its servers were unaffected. Instead, it’s suspected that a leak through a third party was responsible for the spillage of master passwords, like keylogging malware on users' computers.

lastpass.ae867

LastPass is one ofthe best password managersout there, but since itshut down its free tierin March 2021, we haven’t felt compelled to wholeheartedly recommend it. Google Chrome’s built-in password manager offers comparable features including a secure password generator and the convenience of OS-agnostic multi-device sync. If you must use a third-party app to manage passwords, though, we suggest you take Bitwarden for a spin.

The note-taking app I should have used all along

Browsers

Broader branding hints at wider paid-tier ambitions

I played the opening mission of The Outer Worlds 2 and really enjoyed what I experienced

Samsung Notes logo in front of image containing S Pen and devices using Samsung Notes

EA has confirmed the early access release date for the next game in the Skate series

Google is still searching for answers

Google Home icon with some gadgets around it.

What’s new? A lot