I've been waiting for a while to see if LastPass released any additional information around this breach, but they've been disappointingly quiet. I've had many questions around this topic and thought I'd write this article now, as there is a lot of panic and "sky is falling" posts out there and I wanted to give people some advice based on their actual risk exposure.

Password managers have been a highly recommended part of a cyber-security plan for many years. Sites and services get breached every day and password managers are the best way to ensure that all your passwords are unique across sites so that when a site or service does get breached, that password you used on that site will not unlock access into any other site. There are other ways to do it, but the fact is that a good password manager that syncs across the devices you use is really the best and most convenient way to ensure password uniqueness. This does put a lot of trust in the password manager you use.

LastPass is the most well-known of all the password managers out there and has been around for many years. Unfortunately, LastPass suffered multiple security breaches in 2022, the first being relatively minor but the second one was much worse. I’m going to explain what happened to LastPass and what you need to do or be concerned about if you are a LastPass user or have ever been a LastPass user. I will go into some fairly deep technical detail for those interested. Please skip anything that you don’t want or need to understand, but please do take note of the important bits around what you need to do to ensure that you are safe and protected as best as possible.

LastPass alerted customers in August 2022 that an unauthorised party had gained access to “portions” of the LastPass Development environment via a compromised developer account. We were assured that it was contained and that no access to customer data was gained nor any access to anyone’s password vaults. In November 2022, LastPass again notified customers that an unauthorised party had gained access to a “third party cloud storage device”, compromising “certain elements” of its customer information. This new breach was enabled by the information gathered in the first breach.

As mentioned earlier, the honesty and transparency shown by LastPass relating to this incident has been poor and disappointing. We don’t have exact details yet of how exactly they got in (the way LastPass have handled this incident has been less than transparent and very disappointing) but on 22nd December 2022, LastPass admitted that the unauthorised party had managed to gain access to their backup storage where they stored the encrypted backups of the password vaults of their users.