LastPass, a well-known password management company, recently confirmed that the company was hacked, and some source code and proprietary technical information were stolen, but user data was not leaked.

The hack actually happened two weeks ago, but LastPass has only now issued a security advisory confirming that it was compromised through a leaked developer account that the hackers used to gain access to the company’s developer environment. LastPass said there was no evidence that user and business data, as well as encrypted password vaults, were affected in the incident, but confirmed that hackers had stolen some of their source code and know-how.

LastPass also said it had strengthened and deployed additional security measures in response to the incident, and hired a leading cybersecurity and forensics firm. In the announcement, LastPass did not provide further details of the attack, such as how the hackers gained access to developer accounts, or what source code and know-how information was stolen.

The LastPass full security bulletin is as follows:

Announcement excerpts:

We recently noticed some unusual activity in some of LastPass’ development environments. We have determined that an unauthorized party gained access to portions of the LastPass development environment through leaked developer accounts, and stole portions of the source code and some LastPass proprietary technical information. We have no evidence that this incident involved any access to customer data or encrypted password vaults, and our products and services remain functional.

In response, we immediately launched an investigation, deployed mitigations, and engaged a leading cybersecurity and forensics firm. While our investigation is ongoing, we have reached a state of containment, implemented additional enhanced security measures, and have seen no further evidence of unauthorized activity.

LastPass emphasized that this incident occurred in a development environment, which does not store user information and user vaults, and that LastPass does not store the user’s master password in any form, so the above information was not affected in this incident. influences.

LastPass is one of the world’s largest password managers, used by more than 33 million users and 100,000 businesses.