The free add-on Lastpass for Internet Explorer, Firefox and Google Chrome, is a password manager and generator that stores the user’s passwords encrypted in a list. It can also generate passwords new passwords. The company, which has its core competence in online security, has itself been the victim of a cyberattack. On Thursday, the company announced that its source code had been stolen. An unauthorized party had an access to parts of the development area via a compromised developer account, says the blog post on the company’s site. However, the products and services are functioning normally. There is no indication that there was any access to customer data or to the encrypted password vault.
Master passwords are save
The basis for the password manager is a master password. This is created individually by each user. The company states that this is not affected by the cyber attack. Lastpass does not store this password and therefore has no knowledge of it. A zero-knowlegde architecture ensures that Lastpass cannot access the master passwords of its customers.