The GoTo-owned company announced on August 25 that unknown intruders had gained access to the LastPass development environment and stole “portions of source code and some proprietary LastPass technical information”.

At the time, the company posted a notice online, saying that no user data or master passwords were compromised in the incident, and that its products and services continued to operate normally throughout the incident.

In a September 15 update, LastPass provided additional information on the incident, explaining that the data breach was limited to the LastPass development environment, which does not store customer data, and which is physically separated from production.