Not very good news for many WCers, I'm afraid.
Luckily, Hankers saw this and had no qualms about waking me out of a sound postprandial slumber to bring this warning to you all.
It seems that a dev working on stuff for Lastpass got hacked, and portions of Lastpass's source code got lifted in the exploit. This happened two weeks ago, but Lastpass didn't see fit to warn folks of the possible repercussions of such a theft.
"LastPass CEO Karim Toubba says the company uncovered a breach where bad actors gained access to portions of the company’s source code and proprietary technical information through a single compromised developer account. As a boilerplate response, the company started an investigation (which is still underway) and deployed mitigation measures. It also sought the services of an unnamed cybersecurity firm to prevent such events in the future.
The company says LastPass services continue to operate normally and customer data as well as encrypted password vaults remain unaffected by the breach. The company adds that users don’t need to take any remedial action at this point." - Chandraveer Matha, Android Police
Truth is, this isn't the first breech Lastpass has had. Leaked master passwords occurred in 2021...again, not their fault, they maintained.
Anyhow, the article's author concluded that you might want to change password managers.
I'll save you ducking that: https://www.pcmag.com/picks/the-best-password-managers
Have a safer weekend...and thanks, Hank.