One of the most well-known password organizers in the world, LastPass, experienced a significant data breach in December, putting the online passwords and personal information of its users at risk. Time is running out if you still haven’t changed your passwords.
On December 22, LastPass CEO Karim Toubba admitted in a blog post that a security breach the company first disclosed in August ultimately resulted in the theft of critical vault data and customer account information by an “unauthorized entity.” This is only the latest in a long and alarming line of security incidents affecting LastPass that stretches back to 2011.
It’s the most concerning as well.
Specifically, according to Toubba, the unencrypted subscriber account information the unauthorized party could access included LastPass usernames, company names, billing addresses, email addresses, phone numbers, and IP addresses. The same unauthorized entity also stole customer vault data, which includes both encrypted and unencrypted fields, among them the usernames and passwords for every website that customers have saved in their vaults.
If you use LastPass, you should consider switching to a new password manager due to the seriousness of this breach, which puts your passwords and personal information in danger.
What should LastPass subscribers do?
The company didn’t say how many people were impacted by the breach, and LastPass didn’t respond when CNET asked for more information on the incident. However, if you use LastPass, you must assume that your user and vault data are in the hands of an unauthorized party with bad intentions. Although the most sensitive information is encrypted, the threat actor can still run “brute force” attacks against the stolen copies of the vault files offline, at their own pace. If you’ve followed LastPass’s best practices, it would reportedly take “millions of years” for someone to guess your master password.
If you haven’t changed your individual passwords, or if you simply want complete peace of mind, you’ll need to put in a lot of time and work. Additionally, you should probably stop using LastPass while you’re doing that.
Keeping that in mind, the following is what you must do immediately if you are a LastPass subscriber:
- Look for a fresh password manager. Given LastPass’ history of security issues and the seriousness of this most recent leak, it’s more important than ever to look for an alternative.
- Immediately change your most important site-level passwords. This includes passwords for anything sensitive, such as online banking, financial information, internal company logins, and medical data. Make sure each new password is both strong and unique.
- Change every other password you use. Here too, work in order of importance: change the passwords for accounts like email and social media profiles first, then go back and change the passwords for accounts that matter less.
- Enable two-factor authentication wherever practical. After changing your passwords, turn on 2FA for any online accounts that support it. This adds an extra layer of security by alerting you and asking for confirmation before each login attempt, so even if someone manages to guess your new password, they shouldn’t be able to access the site without your secondary authentication device (typically your phone).
- Change your master password. Although this does nothing to reduce the risk to the vaults that have already been stolen, it is still a sensible precaution against any future attacks, assuming you decide to stick with LastPass.
LastPass alternatives to consider
- Bitwarden is a highly secure open-source alternative to LastPass and CNET’s top password manager. Its free tier lets you use the Bitwarden password manager on an unlimited number of devices of different types. Check out our Bitwarden review.
- 1Password is another excellent cross-platform password manager. Although 1Password doesn’t have a free tier, you can try it for 14 days at no cost.
- iCloud Keychain, Apple’s built-in password manager for iOS, iPadOS, and macOS devices, is an excellent free alternative to LastPass. It syncs easily and securely across all of your Apple devices, and it also provides a Windows client that works with the Chrome and Edge web browsers.