On December 22, 2022, LastPass released a statement with new details about a security breach they had experienced in August. Let’s dive into how you or your organization should respond to LastPass’ security incident.
Although LastPass originally assured customers that there was no evidence any customer data had been taken, that no longer appears to be the case. LastPass states:
"To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service."
Obviously, this has major security implications for customers and businesses that work with LastPass to secure their various applications. LastPass has reached out directly to the accounts they think have been impacted. However, regardless of whether you have been contacted by LastPass, we recommend taking action immediately.
All of these steps can be taken within the LastPass application.
How you respond to LastPass’ security incident is your decision, but if you decide to stick with LastPass, it is important to take these steps to reduce the likelihood of your vault being exposed. Passwords are your first line of defense, so protecting them at all costs is imperative.
Details surrounding the LastPass security incident are forthcoming. These details are up to date as of January 3rd, 2023. You can read LastPass' full statement here.
CorpInfoTech can help your organization with being proactive rather than reactive - start with your humans. Check out CorpInfoTech’s simple Password Security blog that can be passed on to your employees. Password Security blog here.
Read more about LastPass Security Incident at CorpInfoTech’s blog: LastPass' December 2022 Security Incident
CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.