(The Hill) – The CEO of the password-manager company LastPass said Thursday that it was recently hacked, but the company sees no evidence that any customer data or passwords were exposed.
“We have determined that an unauthorized party gained access to part of the LastPass development environment through a compromised developer account and took part of the source code and some technical information of LastPass,” CEO Karim Toubba wrote in a letter to customers.
The software allows users to store their passwords for multiple accounts and websites in a “vault” that can be locked with a single master password, and it provides customers with auto-generated passwords designed to be difficult to crack.
Toubba said the company became aware of the hack after noticing unusual activity two weeks ago.
LastPass says its software is designed so that the company never knows or gains access to customers’ master passwords.
“Our investigation showed no evidence of unauthorized access to encrypted vault data,” the company wrote on its frequently asked questions page. “Our zero-knowledge model ensures that only customers have access to decrypt vault data.”
The company said its product is operating normally and LastPass is working with cybersecurity and forensics firms following the incident.
“Based on what we have learned and implemented, we are evaluating further mitigation techniques to strengthen our environment,” Toubba told customers.