How to Respond to LastPass's security incident

How Should You Respond to LastPass’ Latest Security Incident?

On December 22, 2022, LastPass released a statement with new details about a security breach it had experienced in August. Let’s dive into how you or your organization should respond to LastPass’ security incident.

Despite LastPass originally assuring customers that there was no evidence any customer data had been taken, it seems that is no longer the case. LastPass states:

“To date, we have determined that once the cloud storage access key and dual storage container decryption keys were obtained, the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service.”

Obviously, this has major security implications for customers and businesses that work with LastPass to secure their various applications. LastPass has reached out directly to the accounts it thinks have been impacted; however, regardless of whether you have been contacted by LastPass, we recommend taking action immediately.

All of these steps can be taken within the LastPass application.

How you respond to LastPass’ security incident is your decision, but if you decide to stick with LastPass, it is important to take these steps to reduce the likelihood of your vault being exposed. Passwords are your first line of defense, so protecting them at all costs is imperative.

Details surrounding the LastPass security incident are forthcoming. These details are up to date as of January 3rd, 2023. You can read LastPass’ full statement here.

CorpInfoTech can help your organization with being proactive rather than reactive – start with your humans. Check out CorpInfoTech’s simple Password Security blog that can be passed on to your employees. Password Security blog here.

Read more about LastPass Security Incident at CorpInfoTech’s blog: LastPass’ December 2022 Security Incident

CorpInfoTech (Corporate Information Technologies) provides small to mid-market organizations with expert I.T. services including compliance assessment, cybersecurity penetration tests, and comprehensive business continuity planning services. CorpInfoTech can help organizations quantify, create, refine, and mitigate the risks presented by business-threatening disasters in whatever form they may be disguised.

This website is for informational and educational purposes only and does not render professional advice, nor is it a substitute for dedicated professional guidance from a competent and duly accredited cybersecurity professional specific to your needs and implementation. There is no endorsement of any kind for products or services listed on this website; it is entirely the reader's responsibility to conduct appropriate due diligence and due care in selecting and engaging with any product or service.
