JAKARTA - On August 25, an incident occurred that worried LastPass customers where, there was an "unauthorized party" who took several source codes and engineering information.

After the incident occurred, LastPass immediately conducted a more in-depth investigation and investigation of the data taken.

"We have completed the investigation and forensic process in partnership with Mandiant. Our investigation revealed that the activities of threat actors are limited to a four-day period in August 2022," wrote LastPass CEO Karim Toubba, in his latest statement.

Furthermore, LastPass confirmed that there was no evidence that this incident involved access to customer data or encrypted password safes. This means that customer data can be confirmed to be safe.

"Although threat actors can access the development, design and control environment of our system prevents threat actors from accessing encrypted customer data or password safes," he continued.

Toubba also explained the reason the perpetrators were unable to access customer data, the first was because the LastPass Development environment was physically separated and did not have direct connectivity to the Production environment.

"Secondly, the Development environment does not contain customer data or encrypted safes. Third, LastPass does not have access to the main password of our customer's safe without the main password," added Toubba.

So, Toubba ensured it was impossible for anyone other than the safe owner to decrypt the safe data as part of its Zero Knowledge security model.

"To validate code integrity, we analyzed our source code and production and confirmed that we saw no evidence of a code poisoning attempt or a malicious code injection."

LastPass is a password manager that secures your password and personal information in an encrypted safe.


The English, Chinese, Japanese, Arabic, and French versions are automatically generated by the AI. So there may still be inaccuracies in translating, please always see Indonesian as our main language. (system supported by DigitalSiber.id)