Brittney Griner Back in US Blur Your Home on Google Maps Gift Picks From CNET Editors 17 Superb Gift Ideas Guillermo del Toro's 'Pinocchio' 'Harry & Meghan' on Netflix Prepping for 'Avatar 2' Lensa AI Selfies
Want CNET to notify you of price drops and the latest stories?
No, thank you

LastPass Says No Passwords Stolen in Data Breach

Cybercriminals broke into the company's systems and stole parts of its source code.

An image of the LastPass logo.
LastPass says cybercriminals stole part of its source code. 
Sarah Tew/CNET

LastPass says cybercriminals breached its systems and stole part of its source code, but that no customer passwords were compromised in the incident.

In a Thursday notice to customers, the popular password manager says it started investigating about two weeks ago after it detected some "unusual activity" within parts of its developer environment. It later determined that someone had gained unauthorized access to that environment through a compromised developer account and taken parts of its source code and other proprietary technical data. 

"After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults," LastPass CEO Karim Toubba wrote in the customer notice.

LastPass says it's taken measures to contain and stop the breach, as well as brought in an outside cybersecurity company to investigate. While its investigation is ongoing, the company says it hasn't seen any further evidence of intruders.

Password managers are free and paid services that encrypt and store all of a user's logins and passwords, autofilling them into the appropriate websites and apps when a master password, PIN number or biometric factor is supplied.

As part of their security measures, LastPass and many other password managers don't store, have knowledge of, or access to the master passwords of its users, which further protects user data if the company is breached.  

Security experts overwhelmingly recommend the use of password managers, because they make it much less likely that users will set bad, easy to guess passwords, or use the same password for multiple accounts.