This is why it's essential to use your password manager correctly. So, any passwords you had stored during the hack could be susceptible to a hack. Yikes! While changing your master password is still a good idea, it does not protect the vaults currently in the hacker's possession. But, do you know what's missing from this advice? That only protects you in case of future breaches. In my previous post, I told you to change your master password to harden the protection of your password vault - especially if you didn't have a strong master password. And hopefully, I'll continue to earn your trust in doing so. Yes, I'm leaving the update intact - I believe in transparency. I should've stopped at the recommendation removal because the rest of my advice was wrong. I provided some advice on how current LastPass users should respond. Once the most recent details on the breach were released, I quickly updated my post, removing LastPass as a password manager recommendation. In a previous post, " Useful Software Subscriptions for the Techy in Your Life," I placed password managers on the list of software subscriptions worth spending your hard-earned dollars on. So, excuse me while I pull my foot out of my mouth. Whew! The last one is the real doozy! I Gave Some Bad Advice They admit to not understanding the full nature of this information but lay out plans to continue their investigation until they do.ĭecemLastPass informs customers that the third-party threat actor was not only able to pull unencrypted data from customer vaults like emails and website URLs, but they were also able to "copy a backup of customer vault data from encrypted storage container." NovemLastPass updates its statement divulging that the information gathered during the previous breach allowed unauthorized parties to access "certain elements" of their customer data. It is separate from the production environment, the actual product people can visit online. Quick Tip: In the development space, a development environment is used to build and test a website or app. They ensure that the bad actor has no access to encrypted password vaults. They shared that the hack occurred over four days in which the development environment, segregated from production and customer vault data, was accessed. SeptemLastPass releases a more in-depth statement on the breach and the forensics investigation they performed with Mandiant. Read on for a summary of essential elements concerning the breach, along with advice for staying secure online.ĪugLastPass releases a statement that they'd "detected some unusual activity within portions of the LastPass development environment two weeks prior." They admit to a third-party actor gaining access to a compromised computer and taking source code and proprietary LastPass information. So sit back and get ready for some helpful insight! Watch the full podcast linked below for an in-depth discussion of online security. Not only will I detail the breach specifics and discuss Bitwarden as a worthy replacement-I'll also provide helpful tips on how you can bolster your cybersecurity practices. I'm breaking down what was discussed on the Twit Security Now podcast from January 3-"Leaving LastPass - How LastPass Failed, Steve's Next Password Manager, How to Protect Yourself," to help provide helpful information to those interested in online security but who may not have the ability or interest to follow complicated discussions about it. Since breaches happen regularly these days, we all need to know how to stay safe online and protect our data from malicious actors. I'm not an online security expert, but my job requires me to stay up-to-date on the latest cybersecurity news and trends, so I take protecting myself and my clients seriously. In this post, I'll be taking a deep dive into the LastPass hack and why I'm switching from LastPass to Bitwarden, an alternative password manager. I'm switching to Bitwarden because it's affordable, open-source, and easy to use.LastPass made two significant mistakes in handling this breach, ultimately penalizing their most loyal customers by not retroactively enforcing hardened security measures as the computing landscape changes.LastPass released a series of statements between August 25, 2022, to December 22, 2022, outlining a persistent attack on their product that started with breaching the development environment and leading to unauthorized entities obtaining encrypted customer vault data.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |