Hello folks,
Let me just say that the opinions in this article are mine. They don’t represent the security community as a whole, and they are based on my feeling about the service and how I have my account set up at LastPass. This information is brand new, we’re all still reading about and digesting it, and people may decide that it’s time to jump ship. With that said, let’s get started.
On December 27, 2022, komando.com published an article titled “Major password manager hacked – What you need to know” that follows up on LastPass’s investigation of the August hack of one of its third-party providers.
Let me say that I’ve taken the precautions I needed to take by making sure I followed best practices and used a secure master password, so I don’t think that my data is at risk.
Don’t think for one minute that I could be wrong, but I do have a strong master password, I’ve got two-factor authentication turned on using their authenticator app, and I know they use strong encryption and the backups use that same encryption scheme.
Here’s what we know about the virtual storage that was accessed and the data it contained.
- Company names.
- End-user names.
- Billing addresses.
- Email addresses.
- Telephone numbers.
- IP addresses from which customers were accessing the LastPass service.
To add insult to injury, the database also included backups of our vaults. While that is concerning, as a vault may contain sensitive information such as credit card numbers, website usernames and passwords, the fact that it can’t easily be decrypted, and that decrypting it requires an algorithm that includes our master password, makes me feel more secure about my data.
People may say that they don’t feel comfortable now that we know that our data may have in fact been compromised, and that is a valid concern. As Steve said on one podcast, it’s harder to leave a password manager because another one may not include fields for all of the things you have in your vault. He also said that all password managers are pretty much run the same way.
The article talks about watching out for phishing attempts by phone, email and text. Since I’m aware of what to look for, I haven’t been fooled yet, although I was taken in by scareware many years ago.
Here are a few things you can do to stay protected, according to the article.
- Change your passwords regularly – Do this at least once every few months. If you haven’t done so, you should change your LastPass master password ASAP.
- Never use the same password for multiple accounts – Through a technique known as credential stuffing, hackers use the same stolen passwords on different services, hoping to find duplications.
- Where available, always use two-factor authentication – This additional security measure makes it difficult for hackers to break into accounts without the security code sent to your phone or an authentication app.
- Protect your data – Remember that LastPass will never call, email, or text you and ask you to click on a link to verify personal information.
- Antivirus is vital – Always have a trusted antivirus program updated and running on all your devices. We recommend our sponsor, TotalAV. Right now, get an annual plan with TotalAV for only $19 at ProtectWithKim.com. That’s over 85% off the regular price!
The JRN had TotalAV tested, and it is not accessible by computer but is accessible on iOS.
Again, the article is titled “Major password manager hacked – What you need to know,” and I suggest you read it if you’re a LastPass customer. Please make your own decision based on your own needs. Don’t take what I say at face value, as your needs are different from mine.
Discover more from The Technology blog and podcast