Data breaches are nothing new for any company, but given LastPass’s entire business model hinges on keeping passwords safe and secure, falling victim to a hack is a bad look. However, in this case, there’s a silver lining: The breach hasn’t resulted in anything that could lead to account passwords or vaults being compromised. It’s a pain for the company, but your data will remain safe.
What to Know About the LastPass Hack
The advisory from LastPass says that the breach started when a developer’s user account was compromised two weeks earlier. The account was then used to hack the LastPass developer systems, giving the bad actors access to some source code and company information, though not to the user data of the platform’s 33 million customers. The company is also “evaluating further mitigation techniques,” Toubba said in the announcement. LastPass might have preferred to wait a while longer before announcing the breach. According to BleepingComputer, insiders leaked news of the breach to journalists last week, who then contacted LastPass with questions that went unanswered until the company’s public announcement.
Can Password Managers Really Keep You Safe?
The fact that no user data was leaked is a definite upside to this incident, but it’s not reassuring to consider that a bad actor now has access to an unspecified amount of LastPass’s source code. Still, password managers are safer on the whole than trying to keep all your passwords in your head, a habit that inevitably leads to re-using passwords or picking easy-to-crack options just because they’ll stick in your memory. In fact, one recent survey of IT leaders found a massive 84% think that passwords are “deceptively weak.” Until we move past passwords altogether for our online security needs, we’d recommend a password management tool. Our researchers found LastPass offered the best software at the lowest price, but other top options to consider include 1Password and Dashlane.