I like to share tech and lifestyle information that helps us salespeople enjoy the fruits of our labors and the better side of this short life we live. If you normally breeze by those, I plead that you read this one in its entirety and pay heed. Cybersecurity is my industry focus, and this is an issue that will affect everyone who uses this service in a big way, if not now, then in the near future.
Millions of users' login credentials and personal information have been compromised and are in the hands of criminals.
If you've ever used LastPass, you should go ahead and change every single password you use. Start with your email, banking, investment, crypto & credit cards. And you need to take extra precautions right away.
The LastPass Data Breach
LastPass disclosed that criminals had gained unauthorized access to the company's development environment, source code, and technical information through a compromised developer account in August 2022. In November 2022, LastPass provided more information, saying that some users' information had been leaked.
On December 22, a blog post by LastPass revealed the full scope of the breach: the criminals had used some of the information obtained in the earlier attack to steal backup data including customer names, addresses, phone numbers, emails, IP addresses, and partial credit card numbers. They also stole user password vaults that held both plaintext website addresses and domain names, as well as encrypted passwords.
How Easy Is It for Criminals to Break Your LastPass Master Password?
In theory, it should be challenging for hackers to crack your master password. According to a LastPass blog post, "it would take millions of years to guess your master password using generally-available password-cracking technology."
Criminals have had the encrypted LastPass password vaults in their hands for some time, and even though the vaults are encrypted, they remain vulnerable to brute-force attacks.
It would take minutes to try each of the half a billion most common keys on a single vault, and while only a small percentage of those keys would have the required 12 characters, it's likely that cybercriminals would be able to easily break into a good portion of vaults.
Since computing power is growing exponentially and motivated criminals can use distributed networks to aid in the effort, "millions of years" doesn't seem realistic for most accounts.
Is It Just Passwords That Were Compromised in the LastPass Hack?
Criminals can take their time breaking into your LastPass vault, which is what makes headlines, but they can also take advantage of you in other ways by using your personal information. You WILL BE A TARGET. Identity theft, credit or loans obtained in your name, and spearphishing are all possible outcomes.
After the LastPass data breaches, what precautions should you take to ensure your own safety?
In a few years, it's safe to assume that criminals will have cracked your master password and know all your other passwords. You should go ahead and change them right this second to something you haven't used before and that isn't found in any of the standard password databases.
In light of the other information thieves stole from LastPass, you should freeze your credit and sign up for a credit monitoring service to keep track of any new credit card or loan applications made in your name. You should also change your phone number if doing so will not cause you undue hassle.
Just a public service announcement from your friends at ATD.