LastPass has been hacked again! This incident included a “backup of all customer vault data”. LastPass provided a notice in which they admitted they didn’t learn from being previously hacked:
“We declared this incident closed but later learned that information stolen in the first incident was used to identify targets and initiate the second incident.”
LastPass has issued a detailed list of instructions, which is a long way of saying you need to make sure your LastPass password is secure, as that password is used to encrypt your other passwords.
- If your LastPass password is not secure, the hackers will easily gain access to all your passwords stored in LastPass.
- If it is a secure password, then you might want to hope the hackers won’t guess it?
So either way, if you want to be certain your accounts are secure, you must reset the master password and every password stored in LastPass.
If you are going to go through the process of resetting all your passwords, is it time to consider another password manager like BitWarden?
Or keep using LastPass?
LastPass has now added extra security measures, but this does raise questions:
- Why do they need to restructure now for better security?
- Why are the backups not encrypted?
- Did they not learn from the previous compromises?
- Does LastPass think protecting passwords doesn’t need to be very secure?
- There are gaps in their story, so what aren’t they telling us?
If you want to talk to a Cyber Expert then contact the Vertex team.
Vertex Cyber Security provides Cyber Security advice and consultation to businesses of all sizes.