LastPass Data Breach 2022

Customer Vault Data Stolen

Posted by EFS Network Management on December 27, 2022

Notice of Vault Data Stolen

On December 22, 2022, LastPass, a popular password manager, announced that it had suffered another security incident. According to the company, this incident followed an earlier security incident in August 2022.

According to LastPass, the incident was limited to a single server, which was promptly taken offline and isolated to prevent further access. The data taken was “data that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”

LastPass stated “The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data.”

LastPass has advised all users to change their master passwords as a precautionary measure. The company has also implemented additional security measures to prevent similar security incidents from occurring in the future.

Using strong, unique passwords and a password manager is essential to help protect against password-related security breaches. LastPass is a widely trusted and reputable password manager, and it is reassuring to see the company taking swift action to address the security incident and protect its users.

If you are a LastPass user, it is crucial to follow the company’s recommendation and change your master password as soon as possible.

In addition to using a password manager, there are other steps individuals can take to protect themselves online:

  • Enable two-factor authentication on all of your accounts whenever possible. Two-factor authentication adds an extra layer of security by requiring you to enter a code sent to your phone or email, in addition to your password, when logging in.
  • Always avoid using the same password for multiple accounts. If one account is compromised, the attacker could gain access to your other accounts if you use the same password.
  • Do not click on suspicious links in text or emails or download attachments from unknown sources. These could contain malware or phishing attempts.
  • Keep your software and devices updated with the latest security patches and updates.

Taking these precautions and being mindful of your online security can help you protect yourself from potential security incidents and keep your personal information safe.