LastPass, a password manager used by more than 33 million people worldwide, reported that a hacker recently stole source code and confidential information after infiltrating its systems.
According to a blog post on Thursday, the company doesn't think any passwords were taken as part of the breach and users shouldn't need to take any action to secure their accounts. An investigation revealed that a "unauthorised party" gained access to its developer environment, which is the software used by staff members to create and maintain the LastPass product.
The perpetrators were able to access the system by using a single compromised developer's account, the company claimed.
As per Bloomberg, the organisation that was attacked is one that automatically creates and maintains complex passwords for a variety of user accounts, including Netflix and Gmail, so that customers don't have to manually enter their login information.
On its website, LastPass cites Patagonia, Yelp Inc., and State Farm as clients. According to the cybersecurity blog Bleeping Computer, it questioned LastPass two weeks ago about the hack. The "speedy notification" from LastPass impressed Allan Liska, an expert with cybersecurity firm Recorded Future's Computer Security Incident Response Team.