LastPass, the company behind the popular password manager app, has announced that it has suffered a very serious security breach that could leak passwords stored on the service.
The company said hackers managed to break into one of its employees' computers, resulting in an unprecedented theft of the company's digital treasure that is only available to a limited number of developers.
The company added that the hacks stole the keys that entered its cloud area on the Amazon S3 service, where the company stores backup application codes for application users along with a full history of their passwords.
The attack allowed the attacker to access highly sensitive information by exploiting a vulnerability in a media processing application on the engineer's computer. Using this vulnerability, the hacker removed the code of a program that allowed them to install a keylogger that would allow them to steal employee master passwords.
Once in possession of the decrypted hoard, the hackers extracted all the data from it, including the decryption keys needed to access LastPass' servers, backup locations, and databases.
The hack came two months after the company previously announced a similar breach in which hackers obtained the personal information of some CITPASS users.
Although the company has not confirmed the leak of its user information, it has urged its apps to change the app's master password, as well as any passwords stored in it.
The company said it has opened an investigation to obtain more details and take appropriate steps to stop the attack and ensure it does not repeat itself in the future.
LastPass is a password management service that allows users to store and sync their passwords across devices and platforms. It also offers features like creating strong passwords and padding patterns. It has more than 25 million users worldwide.