We are reaching out to advise you of a recent compromise in the LastPass password management software. On December 22nd, 2022, LastPass released information acknowledging an extensive breach of customer data.

According to LastPass, most of this data, such as usernames and passwords, is encrypted. However, URLs used in password vaults are not. The hacker would still need a master password to decrypt all the stolen data; however, that increases the likelihood they will target the owners of the unencrypted data they do have.

They can use the unencrypted data to launch targeted phishing attacks. Thus, many security firms have warned that hackers may try using leaked customer information to check the Dark Web for re-used passwords that may match master passwords.

To protect your credentials stored in LastPass, here are a few of the steps we advise that you take:

  • Rotate any passwords and keys stored in LastPass
  • Check for password re-use across your sites & services
  • Enable MFA on everything
  • Warn your users of an increased risk of phishing
  • Pay careful attention to your accounts for breaches and suspicious activity

We are sending this to you today, because the story continues to unfold. We’ve received information indicating that some of the unencrypted data could be used for more than phishing.

This would also be a good time to do a 3rd-party assessment to find compromised passwords on the dark web. If you’re re-using passwords in your environment, there is a higher chance that your master password may get cracked.

On December 22, LastPass published a new blog post with further information about leaked customer information, saying that account information such as billing addresses, email addresses, end-user names, telephone numbers, and IP address info were obtained. Also leaked was customer vault data, which includes unencrypted data such as website URLs and encrypted data such as website usernames and passwords, secure notes, and form-filled data.

You can read more about the information lost in the company’s blog post, as well as its full explanation of what’s happened so far and the steps the company is taking next. If you’re a LastPass customer, your best protection is to use a strong random password that’s never been used elsewhere.

Remember to enable multi-factor authentication on all of your accounts, in addition to using complicated passwords.

Double-check all emails and text messages that have links or ask you to enter your credentials (username and password).

Always go directly to the source – never click on the link or phone the number.

Impress Computers 21733 Provincial Blvd Ste 110 Katy TX 77450 281-647-9977