LastPass has been under a lot of scrutiny this year after a major breach in August of 2022.
LastPass first official statement stated:
“[A]n unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account.”
A follow-up announcement about a month later was similarly inconclusive:
“[T]he threat actor gained access to the Development environment using a developer’s compromised endpoint. While the method used for the initial endpoint compromise is inconclusive, the threat actor utilized their persistent access to impersonate the developer once the developer had successfully authenticated using multi-factor authentication.”
In a nutshell, LastPass isn’t being really clear as to how someone got in and compromised your vault which includes your passwords, emails, usernames, credit card data and much more. But at this it is clear that the threat actors got in, stole what they wanted and came back later.
If you utilize LastPass you have been breached, period.
If you believe that your account or personal information may have been compromised in a breach, there are several steps you can take to protect yourself:
Change your password: If you suspect that your password may have been compromised, it is important to change it as soon as possible. Use a strong, unique password that is not used for any other accounts.
Enable two-factor authentication: If it is available, enable two-factor authentication on your account. This will provide an additional layer of security by requiring you to provide a second form of authentication (such as a code sent to your phone) in order to log in.
Monitor your accounts: Keep an eye on your accounts for any unusual activity, such as unauthorized purchases or logins from unfamiliar locations.
Be cautious of phishing attacks: After a breach, scammers may try to trick you into giving away your personal information or login credentials through fake emails or websites. Be wary of any suspicious emails or links, and do not provide your personal information unless you are certain that the request is legitimate.
Consider credit monitoring: If your personal information, such as your name and Social Security number, was compromised in a breach, you may want to consider signing up for credit monitoring services. These can alert you to any suspicious activity on your credit report, such as new accounts being opened in your name.
You should have an IT professional audit your IT security immediately and you should have your critical business and personal systems audited routinely. If you need some help feel free to call us at (817) 835-8714.
Here to serve,