LastPass released an advisory today informing customers the company was hacked to weeks ago. The password management company stated they had been breached through a compromised developer account that hackers used to access the LastPass developer environment. The advisory claims there is no evidence that customer data or encrypted password vaults were compromised but portions of the company’s source code were stolen. Additionally, the company stated that customers master passwords were not compromised because they “utilize an industry standard Zero Knowledge architecture that ensures LastPass can never know or gain access to our customers’ Master Password.” LastPass has not provided further details regarding the attack, how the threat actors compromised the developer account, and what source code was stolen.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in