Password manager LastPass has told customers that some of their information has been accessed in a cybersecurity breach, but says passwords remain safe.
LastPass is one of several password managers in the market that aims to reduce the reuse of passwords online, by storing themin a single app. It also makes it easier for users to generate strong passwords as required.
In August, LastPass determined that some of its source code and technical information was taken from unauthorised access to a third-party storage service the company had been using.
After an investigation the company said, while the threat actor had been able to access the company’s development environment, the system had prevented access to customer data or encrypted passwords.
At the time LastPass said the attacker had taken portions of source code and some proprietary LastPass technical information, but believed the risk to the app was limited.
LastPass said that its production environment was physically separate to the development environment and not directly connected. The company also conducted an analysis of its source code and production builds to verify there were no attempts to inject malicious code.