Although the password management system suffered a breach, user passwords remain safe.
LastPass is a password manager that stores and generates passwords online, with the intent of creating stronger and more varied credentials. The company found in August that technical information and source code were taken from a third-party service via unauthorized access. While the development environment and areas housing proprietary information were accessed, the company believed the risk their app to be minimal.
On Wednesday, LastPass CEO Karim Toubba stated that an unauthorized party took information from the previous attack and had been able to access certain user information. Toubba said the company is currently identifying which information was accessed, but that passwords were still encrypted. LastPass intends to put more security measures and monitoring into their systems to detect unauthorized activity.