Recent LastPass Data Breach

LastPass Data Breach: What the company has said and what users should do.

LastPass, a popular password manager that we recommend to our clients, was recently the target of a cyberattack.

Here's some important information about the data breach:

On Thursday, December 22 – after extensive investigation – LastPass determined the malicious actor downloaded basic customer data including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.

Additionally, the malicious actor was able to obtain a backup copy of encrypted customer vaults (where passwords are stored).

LastPass recommends a minimum of 12 characters for your “Master Password” and not reusing the “Master Password” anywhere else. If you’re not meeting this minimum guidance, you should change your “Master Password” and any passwords in your Vault.

Security experts recommend changing your Master Password regardless of its length, and you should consider changing the passwords in your vault as well. The threat actor may try to brute-force decrypt your data.

Any accounts in your vault that have MFA enabled have an additional layer of protection as long as that MFA code is not stored in LastPass itself (which is possible). You may still want to update those account passwords as well.

Be on the lookout for phishing emails that “look” like they’re coming from LastPass but are in fact coming from an attacker. LastPass will never contact you seeking your master password.

November 2022 Data Breach

On November 30th, LastPass detected some unusual activity within a third-party cloud storage service that they use – reporting that some customer data (excluding passwords) was stolen from their environment.

In response, LastPass immediately initiated an investigation, deployed containment and mitigation measures, engaged a leading cybersecurity and forensics firm, and alerted law enforcement.

After the investigation, it was determined that an unauthorized party, using information obtained in the August 2022 data breach incident (see below), was able to gain access to certain elements of LastPass customers’ information.

LastPass has said it will continue to “deploy enhanced security measures and monitoring capabilities” to detect further threats to its infrastructure.

August 2022 Data Breach

On August 25th, LastPass suffered a cyberattack after an unauthorized party gained access to portions of the LastPass server infrastructure through a single compromised developer account.

LastPass has insisted that all user data or encrypted password vaults are safe and have not been compromised. Read updated statements here!

What Users Should Do:

Change your LastPass passwords as a precautionary measure.

Use a unique and strong master password. Make sure you’re not using personal information like pet names as part of your master password.

Enable two-factor authentication.

Make sure you have 2FA turned on to protect your LastPass vault.

The recent LastPass data breach is a reminder that this sort of thing happens far too often, and businesses need to have a comprehensive strategy for protecting systems and accounts, as well as a comprehensive disaster recovery strategy.

To learn more about how our strategic IT planning solution can help secure your business, fill out the form below or schedule a free consultation to talk with one of our IT experts.
