One of the leading password managers in the market, LastPass, has been hacked. Karim Tuba, the company's CEO, admitted this a few hours ago, explaining that the cyber attackers seized the password and accessed "parts of the source code and technical information recorded by LastPass".
According to the company, its “products and services are operating normally” and its 33 million registered users (100,000 of whom are paid, the rest are free) do not have to take any additional measures to protect their accounts at this time.
However, in the medium term, this leak represents a clear threat to the security of user data, as stolen technical information can give attackers clues about vulnerabilities - previously discovered or not - in the platform.
In fact, this is the second cybersecurity incident related to LastPass in the past eight months: last December, several of its users received alerts of login attempts with compromised master passwords.
You have to go back 7 years to find a dangerous precedent as it is now: In June 2015, LastPass reported a hack in the company's intranet that forced it to require its users to change their master passwords as soon as possible.
So our recommendation is to change your LastPass master password. And even think about betting on a new password manager ... for example, an open source one, where source code theft is not an obstacle.