LastPass User Alert: Immediately Protect Yourself!

The August 2022 LastPass breach has resulted in potentially catastrophic consequences for the company and some of its users. Attackers have made off with unencrypted customer data and copies of backups of customer vault data that contained customer account information and related metadata, including company and end-user names, billing and email addresses, telephone numbers, and IP addresses from which customers were accessing the LastPass service. CEO Karim Toubba assured users that the encrypted fields remain secured. 

LastPass says that if users follow best security practices, having a master password of 12+ characters and never using it for other accounts, setting up two-factor authentication, and changing passwords in the vault, current password-cracking technology will get attackers nowhere. The bigger danger, however, is social engineering attacks. The attackers have enough data for launching phishing campaigns impersonating other services. The company cautions users not to follow links provided in emails and always go to the service’s website independently. LastPass is saying that they are putting in place a host of additional layers of protection, but many users’ trust is likely gone.