Published: December 14, 2022 in our Security Fraud News & Alerts Newsletter.
Last month, the password management company LastPass issued a communication informing users that their team had become aware of a data breach. It stated that user information was exposed to a third party. According to the company, that information did not include customers’ encrypted passwords. However, it’s another glaring reminder that how we manage our passwords matters.
LastPass became aware of the breach when their security team noticed what they are calling “unusual activity within a third-party cloud storage service.” Yes, the third party is to blame. This cloud storage service is currently used by both LastPass and its affiliate company GoTo. LastPass confirmed that it has launched an investigation into the incident, which it claims was a result of information obtained by the threat actors who had previously breached security during August 2022.
Sadly, once you give information to another entity, there is little you can do to protect it. That’s why using strong passwords, not sharing them with anyone, and changing them often is great advice. Of course, always be on the lookout for malicious links and attachments that arrive in your email inbox, over your phone line, or in texts. Use technology. Just use cyber-smarts to make sure you lower your risk of becoming a victim of fraud or identity theft.
Internal security resources at LastPass are being assessed by experts from Mandiant, a well-respected cybersecurity company (and a subsidiary of Google). Law enforcement has been advised of the incident, as well. However, what neither of these investigative teams can do is keep safe the accounts that were secured with the passwords stored with LastPass.
It’s cumbersome remembering all the passwords we need these days. And password managers are not all bad. In fact, if you cannot figure out another way that works for you to remember your passwords, by all means, use one of these services. It is far better than using one password across multiple sites. While the master passwords were reportedly not accessed in this incident, should that happen, all of your passwords are at risk. That means you will need to change all of them. It’s important to know this when choosing how to keep track of them.
The company confirmed that LastPass functionality remains unaffected and that they have prioritized monitoring across the entire LastPass ecosystem. They’ve also deployed enhanced security measures to protect clients from further threat actor activity.
In the meantime, change your LastPass password and your master password...just in case.