LastPass, a password manager used by more than 33 million registered users, said an authorized actor was able to breach its systems, taking portions of its source code and some proprietary technical information, CEO Karim Toubba said Thursday.
LastPass said the incident was detected about two weeks ago after it identified unusual activity in the company's development environment. However, after an investigation, it was determined no customer data or encrypted vaults were accessed.
The company, which has more than 100,000 business customers, deployed containment and mitigation measures and hired a leading cybersecurity and forensics firm to help determine what happened.
“While our investigation is ongoing, we have achieved a state of containment, implemented enhanced security measures, and see no further evidence of unauthorized activity,” Toubba said.
The company is currently evaluating further mitigation measures.