LastPass Breach – What to watch for!

LastPass recently reported that hackers took more information than initially suspected after a breach in mid-2022. The company revealed hackers obtained source code and a copy of the backup of LastPass vaults. This is bad news all round, but particularly for those users who have not followed basic requirements for password strength.

Fortunately, LastPass users with complex, secure vault passwords can rest assured that their data is safe from brute force attacks, in which hackers work through lists of stolen passwords and try guess after guess until they get lucky. And if they also have two-factor authentication as an additional layer of security, the outlook is even better.

However, users who have not taken these simple, yet effective precautions should be more concerned about being breached and should immediately change their master vault password – see below for more information.

LastPass also announced in December 2022 that everything in users’ vaults is encrypted, except for:

  • user’s email address
  • company names
  • end user names
  • billing addresses
  • telephone numbers
  • last IP address used to access the LastPass vault
  • URLs of all sites saved in the vault.

What do you need to watch out for?

With the unencrypted information in the hands of thieves, they can group the data by geolocation derived from the last IP addresses. This lets them tailor their phishing attacks, for example adapting their approach to an Australian audience if that is what the IP addresses suggest. They can also group the URLs to target users of particular services, or simply sell the information.

Be careful of any e-mails claiming to be from LastPass or any other services you use. The same applies to phone calls. If you believe the email or phone call is legitimate, you should investigate independently. Don’t click on links or provide any of your personal details over the phone. If you receive a call, politely take down the caller’s name, employee number, and any other information they will share with you and hang up. Then, look up the contact number on the company’s website, or use the number stored in your address book, and use it to contact the service.

Moving forward!

If you are feeling unsure about the strength of your master password, consider updating it. Changing it cannot help the copy in the stolen backup, which stays protected by the old master password, but it does better protect your live vault day to day. For added security, enable two-factor authentication (2FA). This serves as a second layer of protection and will give you even more peace of mind when using your device!
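To put numbers on the advice above and on the brute-force point made earlier, here is a small estimator added as an example (it is not LastPass's code). It compares the two attacks the post describes: a pass over a list of passwords stolen elsewhere, and exhaustive guessing. The leaked-password list is a constructed stand-in, and both guess rates are assumptions chosen for illustration, not measured figures; the shape of the result (a leaked or short lowercase password falls in hours, a long mixed-character one does not) is what matters.

```python
"""Illustrative master-password cost estimator (added example, not LastPass's code)."""
import math
import string

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed stand-in for a leaked-password list; real lists hold billions of entries.
LEAKED_PASSWORDS = {"password", "123456", "qwerty", "letmein", "iloveyou"}

# Assumed guess rates (assumptions, not measurements): a vault protected by a slow,
# iterated key-derivation function versus a plain fast hash.
RATE_SLOW_KDF = 100_000          # guesses per second
RATE_FAST_HASH = 10_000_000_000  # guesses per second


def charset_size(password: str) -> int:
    """Size of the union of conventional character classes the password draws from."""
    size = 0
    if any(c.islower() for c in password):
        size += 26
    if any(c.isupper() for c in password):
        size += 26
    if any(c.isdigit() for c in password):
        size += 10
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)  # 32 ASCII symbols
    if any(c.isspace() for c in password):
        size += 1
    return size


def entropy_bits(password: str) -> float:
    """Bits of search space for an attacker who knows only length and character classes."""
    return len(password) * math.log2(charset_size(password)) if password else 0.0


def estimate(password: str, guesses_per_second: float) -> dict:
    """Attack-cost picture for one password against an assumed guess rate."""
    leaked = password.lower() in LEAKED_PASSWORDS
    combinations = charset_size(password) ** len(password)
    # Expected work is half the space; a leaked password falls on the first list pass.
    expected_seconds = 0.0 if leaked else combinations / 2 / guesses_per_second
    return {
        "in_leak_list": leaked,
        "charset": charset_size(password),
        "entropy_bits": round(entropy_bits(password), 1),
        "expected_years": expected_seconds / SECONDS_PER_YEAR,
    }


if __name__ == "__main__":
    # Constructed sample passwords; none is a real credential.
    for pw in ("password", "zxcvbnmk", "Tr0ub4dor&3", "correct horse battery staple"):
        slow = estimate(pw, RATE_SLOW_KDF)
        fast = estimate(pw, RATE_FAST_HASH)
        print(f"{pw!r:32} leaked={slow['in_leak_list']!s:5} "
              f"bits={slow['entropy_bits']:5} "
              f"years(slow kdf)={slow['expected_years']:.3g} "
              f"years(fast hash)={fast['expected_years']:.3g}")
```

The slow-KDF column is the case that matters for a stolen vault backup: the attacker is offline, unthrottled, and limited only by how expensive each guess is, which is exactly why a long, mixed master password and a high iteration count are the two levers a user and a vendor control.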

Then, review all the records saved in LastPass and update their passwords. If you have 2FA activated and want to be extra cautious, you can also re-enrol 2FA so that a new secret is generated; the codes it produces will differ from the ones the backup vault records could produce.
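Why re-enrolling 2FA helps is easiest to see in code. The following is an added example, not LastPass's or Keeper's code: a standard TOTP generator (RFC 6238 over RFC 4226 HOTP) using only the Python standard library. Every code depends entirely on the shared secret, so a freshly generated secret yields codes that the secret sitting in a stolen backup can no longer reproduce. The first secret below is the RFC test-vector secret standing in for one captured in a backup; the second is generated fresh.

```python
"""Illustrative TOTP generator (added example; not LastPass's or Keeper's code)."""
import base64
import hashlib
import hmac
import secrets
import struct
import time


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the big-endian counter, dynamically truncated."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP with the counter set to the current time step."""
    return hotp(secret, unix_time // step, digits)


def new_totp_secret(length: int = 20) -> bytes:
    """Fresh random secret, as an authenticator re-enrolment would generate."""
    return secrets.token_bytes(length)


def provisioning_secret_b32(secret: bytes) -> str:
    """Base32 form of the secret, the encoding used inside otpauth:// enrolment QR codes."""
    return base64.b32encode(secret).decode("ascii").rstrip("=")


def rotation_changes_code(old_secret: bytes, new_secret: bytes, unix_time: int) -> bool:
    """True when the re-enrolled secret produces a different code at the same instant."""
    return totp(old_secret, unix_time) != totp(new_secret, unix_time)


if __name__ == "__main__":
    # Constructed secrets: the RFC 6238 test-vector secret stands in for one held in a
    # stolen backup; the replacement is generated fresh, as re-enrolment would do.
    backed_up_secret = b"12345678901234567890"
    replacement_secret = new_totp_secret()
    now = int(time.time())
    print("RFC 6238 check (T=59):     ", totp(backed_up_secret, 59, digits=8))  # 94287082
    print("code from backed-up secret:", totp(backed_up_secret, now))
    print("code from new secret:      ", totp(replacement_secret, now))
    print("new secret (base32):       ", provisioning_secret_b32(replacement_secret))
    print("rotation changed the code: ", rotation_changes_code(backed_up_secret, replacement_secret, now))
```

The same reasoning applies to any site where the TOTP seed itself was stored in the vault: changing the site password alone leaves a captured seed valid, so re-enrolling 2FA there is what invalidates it.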

Feeling unsure about LastPass?

Martarna offers password management services through an expert partner, Keeper Security. Not only do users enjoy the convenience of access across devices and platforms, they also get annual cyber awareness training to arm them against security threats. As part of their service package, clients can count on each account to be set up with 2FA for added protection against malicious hackers. Click to read more about how Keeper protects your passwords.

Keeper Security encrypts your vault on three levels: each record is encrypted with its own uniquely generated key; each folder is encrypted with another uniquely generated key; and the vault is encrypted with another uniquely generated key. No metadata, such as email addresses, URLs, phone numbers or last IP address, is left unencrypted.

To find out more, contact Peter at info@martarna.com.au.

Peter Stulcbauer
