One of the biggest password managers manages to get hacked

LastPass says no customer data or master passwords were compromised in the breach.

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

LastPass, one of the largest freemium cloud-based password managers with more than 25 million users, has been hacked. The hackers made off with “portions of source code,” according to an announcement by the company itself. The good news is that no user information or passwords were at risk.

In ablog post(viasweclockers), LastPass revealed today that it was exposed to a data breach two weeks ago. The company “detected some unusual activity within portions of the LastPass development environment,” which resulted in the theft of proprietary data. A compromised developer account is to blame for the breach. Fingers crossed they weren’t using ‘password’ or ‘12345’ or this is going to get embarrassing for someone.

As far as users' personal information and passwords are concerned, there’s no evidence of customer data or account master passwords being accessed, according to LastPass.

Users' Encrypted vault data also seems to have not been affected. LastPass says the whole incident took place in its “developer environment,” which means that it went nowhere near touching any of the encrypted vault data.

In addition to passwords, LastPass users can also store digital copies of personal records like ID and insurance cards in a vault in the cloud. The premium version of the services gives you access to this vault across multiple devices.

Best gaming PC: The top pre-built machines from the prosBest gaming laptop: Perfect notebooks for mobile gaming

“In response to the incident, we have deployed containment and mitigation measures and engaged a leading cybersecurity and forensics firm,” wrote Karim Toubba, CEO of LastPass. “While our investigation is ongoing, we have achieved a state of containment, implemented additional enhanced security measures, and see no further evidence of unauthorized activity.”

Last year, LastPass suffered acredential stuffing attack, where hackers attempted to access users' cloud-hosted password vaults. In 2015, LastPass told its customers to change their master passwords after adata breachoccurred where hackers managed to steal some user data (but no passwords).

The biggest gaming news, reviews and hardware deals

Keep up to date with the most important stories and the best deals, as picked by the PC Gamer team.

If you’re a LastPass user, the company says there’s no action you need to take right now. However, LastPass does recommend that you set up authentication via the LastPass Authenticator app and make sure you keep all your devices up to date.

Jorge is a hardware writer from the enchanted lands of New Jersey. When he’s not filling the office with the smell of Pop-Tarts, he’s reviewing all sorts of gaming hardware, from laptops with the latest mobile GPUs to gaming chairs with built-in back massagers. He’s been covering games and tech for over ten years and has written for Dualshockers, WCCFtech, Tom’s Guide, and a bunch of other places on the world wide web.

The AMD Ryzen 7 9800X3D just hit 6.9 GHz and thousands of in-game fps with an overclock and it barely even broke a sweat

Australia proposes social media ban for everyone under the age of 16, citing concerns about young people’s mental wellbeing

The first PUBG spinoff with real promise is a top-down take on Rainbow Six Siege