More than 33 million people use the password manager LastPass worldwide, and it recently had a hacker infiltrate its servers and take sensitive data and source code.

According to a blog post on Thursday, the business doesn’t think any passwords were obtained as part of the breach, and customers shouldn’t need to take any action to secure their accounts.

According to an inquiry, a “unauthorised entity” gained access to its developer environment, which is the software used by staff members to create and maintain the LastPass product. According to the company, the criminals were able to enter the system by using a single compromised developer’s account.

The organisation that was attacked is one that automatically creates and maintains complex passwords for a variety of user accounts, including Netflix and Gmail, so that customers don’t have to manually enter their login information. On its website, LastPass cites Patagonia, Yelp Inc., and State Farm as clients.

According to the cybersecurity blog Bleeping Computer, it questioned LastPass two weeks ago about the hack.

The “speedy notification” from LastPass impressed Allan Liska, an expert with cybersecurity firm Recorded Future’s Computer Security Incident Response Team.

“While two weeks might seem like a long time to some, it can take a while for incident response teams to fully assess and report on a situation,” he said. “It will take time to fully determine the extent of any damage that may have been as result of the breach. However, for now it appears to not be client-impacting.”

A request for additional comment from LastPass did not immediately receive a response.

On social media, there was suspicion that after stealing source code and confidential material, hackers might be able to get their hands on the passwords to password vaults.

“It is unlikely that the stolen source code will give the criminals access to customer passwords,” Liska said.

Follow on Google News