If You Use LastPass as Your Password Manager, You Need To Take Action Immediately

In August 2022, LastPass reported a security incident involving an unauthorized threat actor gaining access to a third-party cloud-based storage service, which the company uses to store archived backups of its production data.

More recently, on December 22, 2022, LastPass released an additional statement announcing that password hashes were likely included in the August 2022 breach.

As Wired reported, “The breach also includes other customer data, including names, email addresses, phone numbers, and some billing information. And LastPass has long been criticized for storing its vault data in a hybrid format where items like passwords are encrypted but other information, like URLs, are not. In this situation, the plaintext URLs in a vault could give attackers an idea of what’s inside and help them to prioritize which vaults to work on cracking first.”

What Steps Do I Need To Take?

Since the breach initially occurred in August, threat actors have already had four months to work on cracking passwords.

If you have depended on LastPass as your password manager, High Touch recommends taking the following actions immediately.

1. Update Your Individual Account Passwords

Changing your LastPass master password only affects your current vault. Threat actors are believed to hold copies of backup vaults from the breach, and those copies are still protected only by your original master password. If that original master password is cracked, they can gain access to your stored passwords. It is imperative that you update all your affected accounts individually using password best practices.

2. Ensure MFA Is Enabled for All Accounts

Multifactor authentication (MFA) provides an additional layer of cybersecurity when accessing information online by verifying your identity using an alternate touchpoint. This extra layer of security helps prevent malicious users from hacking into accounts and accessing private data.

We Help Keep Your Business Safe.

Unfortunately, there’s no such thing as a 100 percent secure solution. With cybersecurity, education is one of the most important tools you can have in your arsenal—it’s critical to stay up-to-date with the latest news and trends in cybersecurity.

To learn more about the cybersecurity solutions High Touch offers for businesses, including Managed Cybersecurity and Security Awareness Training (SAT), contact us.

Notice of Non-Affiliation and Disclaimer

All information in this blog is for informational purposes only. The steps recommended are standard practice following a security incident similar to the one experienced by LastPass. High Touch is not affiliated, associated, authorized, endorsed by, or in any way connected with LastPass.