LastPass Compromised
This week, LastPass posted more information about a recent compromise that impacted their customers, and it’s much worse than they initially thought. As reported by The Verge, hackers were able to copy customers’ databases. While these are encrypted, which should make it difficult for a hacker to actually see anything login info in your LastPass account, if you do not have a strong Master Password, it’s possible that they could brute force your password. Additionally, some reports have speculated that metadata, such as which sites the passwords were to, may have been compromised. This type of information can also be valuable, as specific information about you can be used in a Spear Phishing attack.
Using a password vault is important because it allows you to store and manage your passwords in one central location securely. This is especially important because it is common for people to use the same or similar passwords for multiple accounts, which can leave them vulnerable to security breaches. Using a password vault, you can create unique, strong passwords for each account and protect them with a single master password. This helps to reduce the risk of your accounts being compromised and keeps your personal information more secure. Additionally, password vaults often have features such as automatic password generation and two-factor authentication, which can further enhance the security of your accounts.
Unfortunately, this has been a bit of a pattern for LastPass this year, and at this point, we recommend moving off of LastPass and rotating your passwords. We recommend working with our partner, 1Password. 1Password is architected in an extremely secure way, and offers many great features.
If you would like to learn more about 1Password and how it can help your organization, or want some assistance migrating off of LastPass into 1Password, please reach out to us.