LastPass Breach What Should I Do?

LastPass Breach What Should I Do? After its latest security breach, LastPass, one of the world’s most popular password managers, is again getting a lot of attention. In a blog post just before Christmas, LastPass CEO Karim Toubba said that an unauthorised party stole customer account information and vault data because of a security incident first reported in August. This is the latest in a long line of security problems that have been happening with LastPass since 2011. It is also the scariest.

Toubba says that information like LastPass usernames, company names, billing addresses, email addresses, phone numbers, and IP addresses are now available to someone who shouldn’t have them. This same unauthorised person also has a copy of customer vault data, which includes unencrypted data like website URLs and encrypted data like usernames and passwords for all the sites customers have saved in their vaults. This should make you look for a different password manager if you pay for LastPass.

LastPass Breach What Should I Do?

LastPass did not answer CNET’s request for more information about the breach. The company did not say how many users were affected by the breach. But if you pay for LastPass, you should always assume that your user and vault information is in the hands of an unauthorised person who wants to harm you. Even though the most important information is encrypted, the threat actor can still use “brute force” attacks on the stolen local files. LastPass says that if you follow its “best practises,” it would take “millions of years” for someone to figure out your master password.

If you haven’t already, or if you want to be sure, you’ll have to put in a lot of time and effort to change each of your passwords. And while you’re doing that, you might also want to stop using LastPass.

Find a new way to store your passwords. Given that LastPass has had security problems in the past and this latest breach is so bad, now is a better time than ever to look for an alternative.

2. Change your most important passwords for sites right away. This includes passwords for online banking, financial records, company logins, medical information, and anything else. Make sure that each of these new passwords is strong and different.

3. Change every single other password you use online. Changing your passwords in order of importance is also a good idea here. Start by changing the passwords for your email and social media accounts. Then you can change the passwords for accounts that aren’t as important.

4. When you can, use two-factor authentication. Once you’ve changed your passwords, turn on two-factor authentication (2FA) for every online account that lets you. This will give you an extra layer of security by letting you know when someone tries to log in and requiring you to approve each attempt. Even if someone gets a hold of your new password, they shouldn’t be able to get into a site without your secondary authentication method (typically your phone).

5. Set a new master password. Even though this doesn’t change how dangerous the stolen vaults are, it’s still a good idea to help protect against any possible future attacks if you keep using LastPass.

Bio
Latest Posts

GSR

My name is Gourav Singh, and some of my favorite hobbies include watching movies and television series, playing sports, and listening to music. For my blog posts, I prefer to write about themes that are lighthearted and fun to read and write about. To keep things light and entertaining, I'll include funny observations on life or a summary of the most recent entertainment news. Check out my blog if you're in the mood for some light entertainment.