LastPass Password Management Service Unauthorized Breach and What You Can Do

If you use LastPass as your password management system, you should read this.

Toward the end of 2022  LastPass, a popular password management service, was compromised. An unauthorized party was able to gain access to LastPass cloud storage containing archived backups of customer data and encrypted password vaults.

The threat actor (the "hacker") copied customer vault data, containing usernames and passwords which would be accessible if they cracked the account's LastPass master password.

WHAT THIS MEANS
  1. If you have a LastPass account, all your saved credentials protected by your LastPass master password could be out in the wild.
  2. Please assume this is the case and take immediate action shown below.

WHAT YOU SHOULD DO

Change your LastPass Master Password
  1. You can do this by logging into your LastPass account, selecting Account Settings, and under the General tab clicking Change Master Password.
  2. Log back into LastPass with your new master password
  3. Additionally, of equal importance, please make sure to update and change all your passwords stored in your vault.
Enable Multifactor Authentication
  1. Navigate to Account Settings, and select the Multifactor Options tab at the top of the window.
  2. Under Multifactor Option, find the LastPass option. To the right under Action, click edit (pencil).
  3. Set enabled to Yes and click Update. Enter your new master password. Click the Enroll button when prompted.
  4. Follow the prompts to set up your LastPass Authenticator.
Now, once you've entered your master password log in information, you will receive an approval prompt on your smartphone.

Related Web Site : https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/


For more information, contact Henry Foss / (203) 254-4058 / hfoss@fairfield.edu