LastPass was hacked and your data could be at risk

Your account is only as secure as your password. When was the last time you did a password audit? By changing the way you create and store passwords, you can reduce the risk of being hacked. Tap or click here for 10 password tips to secure your accounts.
A password manager is essential for modern internet users. These tools store and generate login information for all your devices and accounts. They can be installed as software or accessed via a website, browser extension or the cloud.
LastPass is a popular password manager that stores information beyond passwords, such as addresses, passports and credit cards. And if you’re a customer, we have bad news. It has been hacked. So what does this mean for you?
The attack
In a blog post, LastPass CEO Karim Toubba revealed that the company detected some “unusual activity within parts of the LastPass development environment” two weeks ago.
An investigation revealed that no customer data or encrypted password vaults were compromised.
The blog says an “unauthorized party” entered the system through a compromised developer account and took some source code and proprietary LastPass technical information. “Our products and services are working normally,” Toubba concluded.
While LastPass says there is no evidence that customer data or encrypted password vaults were compromised, the threat actors stole parts of its source code and “proprietary LastPass technical information,” which could lead to compromises.
LastPass sent customers an email with the same blog post information.
The response
LastPass hired a cybersecurity and investigative firm to look into the breach. According to the blog post, the incident has been contained, security measures were increased, and there is no further evidence of malicious activity.
The blog post included answers to some concerns that users may have:
Were any master passwords compromised?
Your LastPass master password gives you access to everything in your account, including passwords, notes, and form fill items. LastPass says the incident did not compromise master passwords, as the company does not store or have knowledge of that information (this is an excellent example of zero-knowledge architecture).
Has any data in the vaults been compromised?
LastPass says the incident occurred in the development environment and there is no evidence that anyone accessed the encrypted vault data. The company added a reminder that under its zero-knowledge model, only the customer can decrypt vault data.
Has any personal information been compromised?
According to the investigation, there is no evidence of unauthorized access to customer data.
What should be done?
LastPass says no users need to do anything now. The company links to a best practices page, which includes password tips and links to the LastPass Authenticator app.
We strongly recommend using multi-factor authentication for all your accounts and devices.
How to get more information?
The blog post's answer: “We will continue to update our customers with the transparency they deserve.” Not much help there. Tap or click here for the LastPass support page.
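The zero-knowledge model mentioned in the answers above, sketched as an added example (this is not LastPass code and not taken from the blog post): the client derives the vault key from the master password, and the service stores only a salt, a login verifier and ciphertext. The function names, the `ITERATIONS` value and the HMAC-based stream cipher (a standard-library stand-in for a real cipher such as AES) are assumptions made for illustration.

```python
import hashlib, hmac, os

ITERATIONS = 100_000  # assumed work factor for this sketch

def derive_keys(master_password: str, salt: bytes):
    """Client side: stretch the master password into a vault key and a login hash."""
    pw = master_password.encode()
    vault_key = hashlib.pbkdf2_hmac("sha256", pw, salt, ITERATIONS)
    # One more one-way step, so the login hash sent to the server does not reveal the vault key.
    login_hash = hashlib.pbkdf2_hmac("sha256", vault_key, pw, 1)
    return vault_key, login_hash

def _mac(key: bytes, data: bytes) -> bytes:
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: a stdlib stand-in for a real cipher such as AES.
    blocks = (len(data) + 31) // 32
    stream = b"".join(_mac(key, nonce + i.to_bytes(8, "big")) for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(vault_key: bytes, plaintext: bytes) -> bytes:
    """Client side: encrypt-then-MAC the vault before upload."""
    nonce = os.urandom(16)
    ct = _xor_stream(_mac(vault_key, b"enc"), nonce, plaintext)
    return nonce + ct + _mac(_mac(vault_key, b"mac"), nonce + ct)

def unseal(vault_key: bytes, blob: bytes) -> bytes:
    """Client side: verify the tag, then decrypt. Fails without the right key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(_mac(vault_key, b"mac"), nonce + ct)):
        raise ValueError("wrong master password or tampered vault")
    return _xor_stream(_mac(vault_key, b"enc"), nonce, ct)

def server_record(salt: bytes, login_hash: bytes, blob: bytes) -> dict:
    """Server side: everything the service stores. No master password, no vault key."""
    return {"salt": salt, "verifier": hashlib.sha256(login_hash).digest(), "vault": blob}

def server_login(record: dict, login_hash: bytes) -> bool:
    return hmac.compare_digest(record["verifier"], hashlib.sha256(login_hash).digest())

if __name__ == "__main__":
    salt = os.urandom(16)
    key, login = derive_keys("constructed-master-password", salt)
    rec = server_record(salt, login, seal(key, b'{"example.com": "constructed-secret"}'))
    print("login ok:", server_login(rec, login))
    print("decrypted on client:", unseal(key, rec["vault"]))
```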
What we recommend
Even if your data wasn’t accessed, the hackers may have information that could expose it. Go ahead and change your master password ASAP. The instructions can be found here: support.lastpass.com/help/change-your-master-password.
In the market for a new password manager? Try this
Using a password manager is essential to securing accounts and information. Our sponsor, Roboform, saves your passwords with just a tap or click. Online shopping and logging in are easy thanks to the AutoFill feature.
Roboform is available for Windows, Mac, iOS and Android and supports popular browsers such as Chrome, Firefox, Safari, Edge and Opera.
Roboform uses AES 256-bit encryption and supports 2FA apps such as Google Authenticator and Microsoft Authenticator. Tap or click here for 50% off RoboForm Everywhere subscriptions for Kim Komando users. That’s just $11.90 per year!