Memorizing your login credentials for every online platform in today’s internet-enabled world can become a chore really fast. That has created a market for Single Sign-On (SSO) authentication, password management features in popular browsers like Google Chrome, and third-party password managers. One of the most popular options among the latter is LastPass, and it is in cyber criminals' crosshairs. A recent breach compromised the company’s development environment. It was detected two weeks ago, but we are only learning of it now.

LastPass CEO Karim Toubba says the company uncovered a breach in which bad actors gained access to portions of the company’s source code and proprietary technical information through a single compromised developer account. As a boilerplate response, the company started an investigation (which is still underway) and deployed mitigation measures. It also sought the services of an unnamed cybersecurity firm to prevent such events in the future.

The company says LastPass services continue to operate normally and customer data as well as encrypted password vaults remain unaffected by the breach. The company adds that users don’t need to take any remedial action at this point.

We couldn’t help but notice this isn’t LastPass’ first encounter with bad actors. The company’s servers recorded suspicious activity in December 2021, when the correct master passwords were used in attempts to log into several customer accounts. LastPass flagged and denied the attempts because of their unusual geographic location and, just like this time, maintained that its servers were unaffected. Instead, a leak through a third party, such as keylogging malware on users' computers, is suspected to have been responsible for the spillage of master passwords.

LastPass is one of the best password managers out there, but since it shut down its free tier in March 2021, we haven’t felt compelled to wholeheartedly recommend it. Google Chrome’s built-in password manager offers comparable features including a secure password generator and the convenience of OS-agnostic multi-device sync. If you must use a third-party app to manage passwords, though, we suggest you take Bitwarden for a spin.