If you have been using LastPass to store passwords, it’s time to change your passwords! The platform has confirmed that hackers stole its customers’ data in a data breach earlier this year. So, if you’ve used the platform, or any password manager, here is what you need to know about the LastPass password manager data breach.
What is a Password Manager and How Does It Work?
Password managers, like LastPass, are used to ‘securely’ store passwords so that you don’t have to remember them all. After all, the average user has 80-100 passwords. These platforms can be an app on your phone or tablet, a computer that stores your passwords, or a cloud-based system. Many users repeat passwords, or variations of their password, across multiple platforms. That means that if a hacker obtains this data, they can often use those passwords to access bank accounts, shopping, digital media, and more! So, password managers have gained popularity as a more secure way to store passwords. But what happens when a password manager, like LastPass, is hacked?
Hackers Are Relentless
For LastPass, the system is set up with data encryption that can only be unlocked with the customer’s master password, which is known only to the customer. However, the company recently warned that hackers have attempted to use brute force or even artificial intelligence to guess your master password and decrypt the data in the vault. In addition, hackers stole massive amounts of customer data, which may include names, email addresses, phone numbers and other important billing information. You can imagine how, with this information, bad actors can access accounts, impersonate you, or make purchases on your behalf. More importantly, hackers who have this data may place it on the dark web, so that other bad actors can use it to hack your email or other accounts.
What You Can Do Now
If you stored your passwords in LastPass, or any password manager, the best thing you can do now is to change your master password to a totally new and unique password you haven’t used elsewhere. In addition, it may be wise to change your passwords on all platforms to ensure that stolen data is not used to access your accounts. It may also be helpful to change the nomenclature of your passwords. For example, let’s say you use your dog’s name, in many variations, as a password (e.g. Jack2022!, Jack2000$, Jack2021?). You would want to change these passwords, and avoid using that name in future passwords. Remember that if anyone gains access to your email account or cell phone account, they can often use two-factor authentication to verify a new password on any platform, so the priority should be to change passwords on email accounts, bank accounts, and cell phone plan accounts.
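The variation pattern described above (one name reused with different years and symbols) can be checked for in your own password list. The Python script below is an added example, not part of the original article; the substitution map, function names and sample accounts are constructed assumptions for illustration.

```python
import re
from collections import defaultdict

# Assumed, illustrative map of common look-alike substitutions (not exhaustive).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s"})


def base_word(password):
    """Reduce a password to the word it is built around."""
    # Drop leading/trailing digits and symbols (years, "!", "$", ...).
    core = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", password)
    # Undo look-alike substitutions inside the word, then keep letters only.
    core = core.translate(LEET).lower()
    return re.sub(r"[^a-z]", "", core)


def find_variation_groups(accounts, min_len=3):
    """Return {base word: [account names]} for accounts sharing a base word.

    Only account names are returned, so the report never repeats a password.
    """
    groups = defaultdict(list)
    for account, password in accounts.items():
        stem = base_word(password)
        if len(stem) >= min_len:
            groups[stem].append(account)
    return {stem: sorted(names) for stem, names in groups.items()
            if len(names) > 1}


# Constructed sample data using the article's "Jack" example.
SAMPLE = {
    "email": "Jack2022!",
    "bank": "Jack2000$",
    "shopping": "Jack2021?",
    "streaming": "j4ck!99",
    "phone-carrier": "7rQ#p2Lx9Vw",
    "forum": "correct-horse-battery",
}

if __name__ == "__main__":
    for stem, names in find_variation_groups(SAMPLE).items():
        print(f"Passwords built on '{stem}': change these -> {', '.join(names)}")
```

Run it only on a device you trust, and do not save the password list to disk afterwards.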
How Businesses Can Protect Data in the Cloud
Unfortunately, the LastPass password manager data breach is just one example of the vulnerabilities and risks that can impact users. For businesses, cloud security is even more critical. Businesses must seriously consider endpoint security and password managers as part of their overall backup and recovery strategies. We discuss this topic in more detail in our Layered CyberSecurity article. Here at Conscious Networks, we often recommend a hybrid approach to popular password manager options, including multi-factor authentication.
Technology today requires a balanced risk vs. reward approach to protect your data and Conscious Networks serves as a valued technology advisor to businesses of all sizes. We provide a holistic approach to technology that considers your users, your network, and your business initiatives. Contact us today to schedule an audit or review of your endpoint security or IT infrastructure.