Prominent password management company LastPass has once again suffered a hack, but assured customers their accounts remain safe.
Chief executive Karim Toubba posted on the company’s blog that LastPass had determined an unauthorised party had gained access through a single compromised developer account.
The attacker was able to take “portions of source and some proprietary LastPass technical information,” Toubba said.
“In response to the incident, we have deployed containment and mitigation measures, and engaged a leading cybersecurity and forensics firm.
While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorised activity,” Toubba added.
The LastPass chief executive said users’ Master Passwords were not compromised, as LastPass operates an industry standard zero knowledge architecture, meaning the company does not store credentials on its servers.
No user vaults or personal information have been accessed either, LastPass said.
LastPass is an attractive target, and has been compromised a number of times in its lifetime, including a 2011 incident that saw some users’ email addresses and their salted password hashes transferred from a company database.
In 2015, LastPass again suffered a data breach, that resulted in user account data being compromised.