The LastPass security breach has caused a serious and very real security threat for businesses. LastPass is a password management application which allows you to store passwords for websites, applications and credit cards. It utilises an encrypted vault which should keep your passwords secure but recent information indicates that your vault is now vulnerable. In this article we will look at what has happened as part of the LastPass security breach, how this impacts business security and finally what you can do to fix it.

LastPass has suffered a few security breaches since 2011 but the most recent, reported in August 2022, is significant. Initial reports from LastPass suggested that a breach had occurred but that all customer data was unaffected. Later updates then reported that unencrypted subscriber account information was leaked. This includes LastPass usernames, company names, billing addresses, email addresses, phone numbers and IP addresses.

On December 22nd LastPass posted an update which stated that the breach was MUCH more devastating. Customers' password vaults have been downloaded by hackers. Although these vaults are still encrypted, it will now be possible for attackers to attempt to brute force the master password, revealing your stored usernames and passwords. One area of concern is the fact that the password vault stored the website links without encryption. This means hackers know which websites you have accounts with and potentially they know your username for these sites, assuming you keep your username the same.

There are two potential threats here. The first relates to the leaked usernames, company names, and email addresses. This is a perfect set of information for hackers to begin a socially engineered attack as described below. The second concern is the fact that hackers now have your encrypted password vault. If they manage to crack the encryption, they will gain access to all of your passwords and this could be devastating.

Realistically, how likely is it that they will get my passwords?

The answer to this depends on how good your master password is. If you used a strong password with 20+ characters including a splattering of numbers and special characters, then chances are it will take a while to crack. If your password includes words such as the name of your kids, dogs, cats, spouse, football team, the year you were born and an exclamation at the end then I would start worrying. People give this information away freely in social media and so it is not difficult for hackers to piece the clues together to increase their chances of cracking your vault.

What should I do to protect against the LastPass Breach?

I believe the safe way to approach this is to change everything. Your master password, all of the passwords in your vault and potentially your password manager. If you don’t change this first and hackers do crack it, they now have access to your live vault. I know this is a big ask but – will you sleep at night knowing hackers might be accessing any of your online accounts? REMEMBER… Ensure they are strong and unique passwords.

I would obviously start with the high-risk ones first such as bank accounts, company finances, credit cards and anything containing personal information such as HR databases etc.

Next up, change the passwords for apps that allow people to impersonate you such as email accounts, social media, CRM systems etc.

Lastly, work your way through general websites ensuring you enable 2FA on sites that allow it – whilst you are going through this process you may as well strengthen your security position.

Finally, you might want to change to a different password manager. Personally, I think LastPass has done a poor job of updating their customers and this is not the first security issue they have had.
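As an added example (not part of the original article), the rotation order the article recommends can be turned into a worklist from a vault export, with reused passwords flagged because the article asks for unique ones. The CSV column names, the keyword lists and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import Counter
from urllib.parse import urlsplit

# Tier order follows the article; the keyword lists are illustrative assumptions.
TIERS = [
    (1, "high-risk", ("bank", "card", "finance", "payroll")),
    (2, "impersonation", ("mail", "social", "crm")),
]
GENERAL = (3, "general")  # everything else: rotate and enable 2FA where offered

# Constructed sample export (assumed columns: url, username, password, name).
SAMPLE_CSV = """url,username,password,name
https://forum.example.test/login,alice,constructed-pw-A,Hobby forum
https://online.examplebank.test,alice,constructed-pw-B,Company bank
https://mail.example.test,alice@example.test,constructed-pw-A,Work email
https://crm.example.test,alice,constructed-pw-C,Sales CRM
,alice,constructed-pw-D,Payroll portal
"""

def tier_for(url, name):
    """Classify an entry by hostname and entry name (simple substring heuristic)."""
    host = urlsplit(url).hostname or ""  # an entry without a URL falls back to its name
    haystack = f"{host} {name}".lower()
    for rank, label, keywords in TIERS:
        if any(k in haystack for k in keywords):
            return rank, label
    return GENERAL

def rotation_plan(csv_text):
    """Return the entries ordered by tier, reused passwords first inside each tier."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    reuse = Counter(r["password"] for r in rows)
    plan = []
    for r in rows:
        rank, label = tier_for(r["url"], r["name"])
        plan.append({"rank": rank, "tier": label, "name": r["name"],
                     "host": urlsplit(r["url"]).hostname or "",
                     "reused": reuse[r["password"]] > 1})
    plan.sort(key=lambda e: (e["rank"], not e["reused"]))  # stable sort keeps file order
    return plan

if __name__ == "__main__":
    print("0. master password (change this first)")
    for e in rotation_plan(SAMPLE_CSV):
        flag = " [password reused]" if e["reused"] else ""
        print(f'{e["rank"]}. {e["tier"]:13} {e["name"]} ({e["host"]}){flag}')
```

The plan never prints or stores the passwords themselves; delete the export file once the worklist has been produced.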