Protect Your Passwords: How to Stay Safe After the LastPass Security Breach
Key Points
- LastPass experienced a significant cybersecurity breach in 2022, with hackers accessing their cloud infrastructure and copying the password vault database.
- LastPass customers should take action to protect their data.
- Switching to an alternative password manager, such as Keeper, can provide users better protection.
- Organizations must monitor their networks and software solutions to ensure they remain secure.
In December 2022, LastPass notified their customers of a cybersecurity incident that put confidential data at risk. The affected customer data included encrypted information, such as passwords and usernames, as well as unencrypted website addresses. The breach also included other customer data, including names, email addresses, phone numbers, and billing information. GoTo, the remote collaboration and IT software company that owns LastPass, also confirmed that hackers stole customers’ encrypted backups.
The breach was a significant setback for LastPass, which was previously considered one of the most secure password managers on the market. Initially, LastPass wasn’t clear on how the breach happened and what data had been stolen. After further investigation, it was discovered that hackers had accessed LastPass’ cloud infrastructure and copied their entire customer password vault database. What does this mean for you? If you use LastPass, you have likely been affected by this incident, and taking action is essential.
Change Your Master Password for Your LastPass Account
To access any encrypted data stored by LastPass, the hackers need the user’s master password. While there were password guidelines in place to make sure your master password was challenging to guess, the risk of a cybercriminal uncovering it remains, and how large that risk is depends on the strength of your master password. While LastPass continues to state that they believe their encryption will keep your data secure, we know there is still a chance more data can be decrypted. With access to password vaults, hackers have plenty of time to figure out ways to crack passwords.
This is why we are recommending that you change your master password and make sure that it is complex. We recommend mixing upper and lowercase letters, numbers, and special characters when creating complex passwords. As tempting as it may be to use the same password across multiple accounts, we suggest you do not make your master password the same as any other password you use, even if it is complex.
Change All the Passwords in Your Password Manager
Changing your master password is only one of the many steps you will have to take to protect more of your data from landing in the wrong hands. You should also make sure to change any other passwords that may have been stored in LastPass, such as website logins, banking accounts, and other applications. It can be scary to think about the type of information hackers could gain access to if they have your passwords, so it’s best to take action and change any of the other passwords.
As we mentioned, unencrypted information like URLs and notes was stolen in the breach, which leads us to believe that any account you stored in LastPass could be targeted, if that has not happened already. If a cybercriminal gains access to your password vault, which accounts would you be most concerned about? Whether the accounts are email accounts, banking accounts, or social media accounts, change all passwords to ensure no one can gain access. You can make a priority list and change passwords for the accounts you are most concerned about. One good thing that LastPass does is show you when a password was last changed, so this should help you stay on track as you update all of your passwords.
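One way to build that priority list from a vault export, as an added example that is not part of the original article. The CSV column names, the sample rows and the tier mapping are assumptions made for illustration; adjust them to your own export and accounts.

```python
import csv
import hashlib
import io
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample export. The column names are an assumption, not a
# documented format; rename them to match your password manager's export.
SAMPLE_EXPORT = """name,url,username,password
Personal mail,https://mail.example.com/login,alex,Spring2021!
Bank,https://bank.example.net,alex,c0rrect-h0rse-battery
Social,https://social.example.org,alex,Spring2021!
Forum,forum.example.org,alex,zq8#Lm2p
"""

# Hypothetical tiers (lower = rotate sooner). Email is placed first because
# it usually receives the password-reset links for every other account.
TIERS = {"mail.example.com": 0, "bank.example.net": 1, "social.example.org": 2}
DEFAULT_TIER = 3

def _digest(password):
    # Compare passwords by digest so the plan never carries plaintext.
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def rotation_plan(export_text):
    """Return vault entries ordered by rotation priority, flagging reuse."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    names_by_digest = defaultdict(list)
    for row in rows:
        names_by_digest[_digest(row["password"])].append(row["name"])
    plan = []
    for row in rows:
        # A URL without a scheme has no hostname; it falls to DEFAULT_TIER.
        host = urlparse(row["url"]).hostname or ""
        shared = [n for n in names_by_digest[_digest(row["password"])]
                  if n != row["name"]]
        plan.append({"name": row["name"], "host": host,
                     "tier": TIERS.get(host, DEFAULT_TIER),
                     "shared_with": shared})
    # Within a tier, entries whose password is reused elsewhere come first.
    plan.sort(key=lambda e: (e["tier"], not e["shared_with"], e["name"]))
    return plan

if __name__ == "__main__":
    for entry in rotation_plan(SAMPLE_EXPORT):
        reuse = ", ".join(entry["shared_with"]) or "-"
        print(f'{entry["tier"]}  {entry["name"]:<14} reused with: {reuse}')
```

Run it against a local export only and delete the export file afterwards, since it holds every password in plaintext.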
Change Your Master Password Recovery Questions
We also recommend changing your master password recovery questions if you are concerned about your data. If a hacker were to gain access to your master password, they might also be able to guess the answers to your recovery questions if they were similar or easy to guess. Since notes were exposed to the hackers, they may have had access to information about you that could help them answer the questions. Update your recovery questions so that the answers are things only you would know.
Another concern about this breach is the potential for LastPass users to be targeted in phishing campaigns. The hackers can use the information from the breach to send phishing emails. They can even use your name and key details about you stored in LastPass to make their phishing attempts hard to detect. Stay alert for suspicious emails, and never click on links or download files from unknown senders.
Look for a New Password Manager
Sometimes, the best way to stay safe after a data breach is to look for an alternative. Instead of staying with the same provider and hoping nothing terrible will happen, it may be best to find a new provider. Researching the security measures of different providers and asking how their data is stored is an excellent way to ensure that your data is safe.
Keeper, a leading password manager, provides users with an easy and secure way to store and organize their login credentials. With its advanced security protocols and zero-knowledge architecture, Keeper is a more secure alternative to LastPass. It allows users to rest easy knowing that their data is protected and accessible only to them.
Keeper works on Windows, Mac, iOS, and Android devices, and your data will be encrypted before it leaves your device. So, if a cybercriminal does gain access to your account, they will not be able to read your data. With Keeper, you can be sure that your passwords are secure and encrypted. The added security features of Keeper give it an edge over LastPass and make it an excellent choice for those looking to move on from LastPass.
The security of your data should always be a priority. If you are worried about the LastPass data breach and its lasting impact, you must take steps to secure your data. Your actions can help you protect your accounts and stay safe from cybercriminals.
Wrapping Up
The LastPass breach reminds organizations of all sizes to vigilantly protect login credentials with strong, unique passwords and verify identities through multi-factor authentication whenever possible. To improve security measures even further, master password reuse policies should be enforced to prevent the potential disasters of using the same login credential on multiple websites. Data breaches are not going away, so we must do our best to protect ourselves and take action when necessary. All of these best practices can help protect you against future breaches.