By: Mack Jackson Jr.
LastPass, the market leader in password management software, has confirmed that the encrypted password vaults of its customers were stolen due to a data breach that happened earlier last year. Customers of LastPass can save their passwords and other sensitive information in databases known as “vaults.”
In an updated blog post on the company’s data breach disclosure, Karim Toubba, the Chief Executive Officer of LastPass, said that the attackers obtained a copy of a backup of customer vault data by using cloud storage keys that were stolen from a LastPass employee. Social engineering is a common tactic for obtaining valid credentials from a company’s employees. The backup is stored in a “proprietary binary format” that holds both unencrypted and encrypted vault data; the company did not disclose the technical or security details of this format. The unencrypted data includes the URLs of the websites stored in the vault.
LastPass says that customers’ password vaults are encrypted and can only be decrypted with the customer’s master password, which only the customer knows and which LastPass states is never shared with third parties. However, the company warned that the hackers responsible for the breach “may attempt to use brute force to guess your master password and decrypt the copies of vault data they acquired.” For this reason, we suggest you always use a passphrase rather than a single-word password as your master password.
According to Toubba, the hackers also stole customer data, including names, email addresses, phone numbers, and billing information. This personally identifiable information is valuable to hackers and scammers on the darknet.
Each password should be long, hard to guess, and unique to each website or online service. A password manager is an excellent way to keep track of all your passwords in one convenient place. Create a passphrase at least 12 characters long with upper- and lower-case letters, numbers, and symbols. However, breaches such as this one serve as a reminder that not all password managers are created equal and that there are various ways in which they can be exploited or compromised.
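The warning above, that attackers holding a stolen vault copy can try to brute-force the master password offline, and the advice to use a long passphrase, can be made concrete with a small strength estimate. The following Python is an added example, not code from the article or from LastPass: it checks a candidate master password against the 12-character, mixed-class policy described above, estimates its entropy, and converts that into an expected offline guessing time. The guess rate (`ASSUMED_GUESSES_PER_SECOND`) and the 7,776-word list size are assumptions chosen for illustration, not figures from the article.

```python
import math
import string

# Assumption for the illustration: an attacker with the stolen vault copy
# derives and tests candidate master passwords offline at this rate.
# Real rates depend on the vault's key-derivation cost and the hardware used.
ASSUMED_GUESSES_PER_SECOND = 1e9

# Assumption: a diceware-style word list of 7,776 words (6^5).
ASSUMED_WORDLIST_SIZE = 7776

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def meets_policy(secret: str, min_len: int = 12) -> bool:
    """The article's advice: at least 12 characters with upper- and lower-case
    letters, a digit and a symbol."""
    return (
        len(secret) >= min_len
        and any(c.islower() for c in secret)
        and any(c.isupper() for c in secret)
        and any(c.isdigit() for c in secret)
        and any(c in string.punctuation for c in secret)
    )


def charset_size(secret: str) -> int:
    """Size of the smallest alphabet an attacker must assume, based on which
    character classes actually appear in the secret."""
    size = 0
    if any(c in string.ascii_lowercase for c in secret):
        size += 26
    if any(c in string.ascii_uppercase for c in secret):
        size += 26
    if any(c in string.digits for c in secret):
        size += 10
    if any(c in string.punctuation for c in secret):
        size += len(string.punctuation)  # 32 symbols
    if " " in secret:
        size += 1
    return size


def entropy_bits_charset(secret: str) -> float:
    """Upper bound on entropy if every character were chosen uniformly from the
    classes present. Dictionary words score far lower in practice."""
    size = charset_size(secret)
    return len(secret) * math.log2(size) if size else 0.0


def entropy_bits_wordlist(num_words: int, wordlist_size: int = ASSUMED_WORDLIST_SIZE) -> float:
    """Entropy of a passphrase of num_words words drawn uniformly from a word list."""
    return num_words * math.log2(wordlist_size)


def expected_crack_years(bits: float, guesses_per_second: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Expected brute-force time: on average the attacker searches half the keyspace."""
    seconds = (2.0 ** bits) / 2.0 / guesses_per_second
    return seconds / SECONDS_PER_YEAR


def report(secret: str) -> dict:
    """Summarise policy compliance and the brute-force estimate for one secret."""
    bits = entropy_bits_charset(secret)
    return {
        "length": len(secret),
        "meets_policy": meets_policy(secret),
        "entropy_bits": round(bits, 1),
        "expected_crack_years": expected_crack_years(bits),
    }


if __name__ == "__main__":
    # Constructed sample secrets, not real credentials.
    for candidate in ["Summer22!", "Tr0ub4dor&3", "Correct-Horse-Battery-7"]:
        print(candidate, report(candidate))
    # A six-word random passphrase for comparison.
    six_words = entropy_bits_wordlist(6)
    print("6 random words:", round(six_words, 1), "bits,",
          f"{expected_crack_years(six_words):.2e} years")
```

The point the numbers make is that a short password with every character class can still fall within reach of an offline search, while a long passphrase pushes the expected search time out by many orders of magnitude; the estimate is deliberately an upper bound, so anything built from common words or patterns should be assumed weaker than the figure reported.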
If you have any reason to think that your LastPass vault could be compromised, for example if your master password is weak or you have used it elsewhere, you should change the passwords you have saved there. Change your account passwords in order of importance, beginning with your email, mobile phone service provider, financial institutions, and social networks.
If you have enabled two-factor authentication, hackers will find it harder to access your accounts, because a second factor is required, such as a phone prompt or a code sent by text message or email. For this reason, start by securing the accounts at services that support two-factor authentication, such as your email or mobile phone provider.
This weekend on my TV show, I talked about the data breach at LastPass and gave the opinions of experts in the field. Before deciding on an alternative to LastPass, I read reviews written by security professionals. 1Password, Bitdefender, and Dashlane were the most commonly mentioned options. I also explained why and how you shouldn’t write down or record your passwords for safekeeping. Remember, using a password manager to encrypt your passwords, together with two-factor authentication, is essential.
About the Author
Mack Jackson Jr. is the CEO of Vanderson Cyber Group. In the age of global cyber threats, Vanderson Cyber Group helps businesses protect themselves from cyberattacks by teaching them cybersecurity awareness. Vanderson Cyber Group uses state-of-the-art practices in security policy development and comprehensive employee training. One of its essential services is phishing simulation and compliance training, which keeps employees up to date on the threat landscape. Vanderson Cyber Group also provides resources for cyber insurance, managed services, and legal representation. For more information: http://www.vandersoncybergroup.com