Popular digital password manager LastPass said hackers recently stole parts of the company’s source code and other sensitive data.
The company’s chief executive said in a blog post its users’ passwords were unaffected.
“Our investigation shows no evidence of any unauthorized access to customer data in our production environment,” CEO Karim Toubba said in the post.
LastPass, which has more than 25 million users, works by aggregating the hundreds of passwords consumers and corporate users need to log into their social media accounts, business networks, online retailers and more.
Security professionals routinely recommend using a unique, complex password for each and every website a person visits, so password managers like LastPass play an increasingly important role in keeping people’s data safe online.
Compromising such a company’s master password — the password that protects the rest of a user’s credentials — has always been a nightmare scenario.
That isn’t what happened here, Toubba said.
“This incident did not compromise your Master Password,” he said. The company advised users that no action was needed.
Few other details about the breach were revealed. The company said the hack occurred two weeks prior and that a cybersecurity firm had been hired to investigate. The company did not immediately respond to a follow-up message.