Are you using LastPass?

For several years, LastPass has been one of the password management software applications we’ve recommended. Recently, they announced they suffered a breach at one of their cloud storage facilities. That recent report was updated last week, and the breach is worse than what was initially reported. Here’s what you need to know and what you can do to protect yourself if you’re a LastPass user.

Before we dig into the breach, let’s preface the conversation. No solution is bulletproof. Password managers are still, despite their vulnerabilities, exponentially safer than using simple passwords that you hope to remember. Now onto the matter at hand.

The extent of the LastPass breach included both encrypted and unencrypted user data. The unknown attacker was extremely sophisticated and knew exactly what type of data they were looking for and where to dig to find it. This was no rogue hacker in their parent’s basement. Because of this, we have to assume the data they collected will be leveraged. While they may be using brute force attacks to decrypt the unencrypted data, like user master passwords, they could use what they have in other ways.

Be on the lookout for phishing scams specifically directed towards users. These attacks will likely include additional information scraped from social media sites. They could be emails that appear to come from friends. These attacks may come in the form of emails, direct messages to your social media accounts, or phone calls.

If you prefer to stay on LastPass, that’s fine, but be sure to change your master password and follow their complex password guidelines. Additionally, every where that it’s offered, at multi-factor authentication into your log on process. This added step makes it more likely hackers will skip you and move to the next, less protected prospective victim.

For additional information on the attack, please read here: https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/