LastPass gets passed


Our team is letting you know that in August, LastPass, one of the world’s most prominent password managers, confirmed that it had been hacked. According to the company, unknown hackers stole “portions of source code and some proprietary LastPass technical information” but not customer data or master passwords, which LastPass does not store.

The breach came from a LastPass developer account, through a compromised development server.

The company boasts 25 to 33 million users and 10,000 companies, all of whom use a master password to log in to their account. Employees of businesses that use LastPass likely have a master password as well. Since LastPass doesn’t store your master password, the breach gave no access to your personal data.

LastPass states that the integrity of master passwords is intact, given that it never stores them. The breach is reportedly contained, and there is no further evidence of malicious activity. It’s an embarrassment for LastPass, without a doubt. But the incident doesn’t place its customers’ online accounts or passwords at risk.

Other LastPass breaches

In 2021, LastPass users reported that their master passwords had been compromised after they received email warnings that someone had tried to use them.

For the record, LastPass experienced a security breach in 2015. Cyber attackers gained access to users’ email addresses, password reminder questions, server per-user salts, and hashed master passwords. 

Are Password Managers safe?

Password managers encrypt your stored data, which is a strong defence against cybercriminals. Many password managers use strong encryption such as AES, the industry-standard protection the US government uses to protect sensitive data. I won’t recommend you change your password manager; that is up to you.

“It will take time to fully determine the extent of any damage that may have been as a result of the breach. However, for now, it appears to not be client-impacting,” reads the LastPass statement. 

In the meantime, you can download our interactive mobile app, FRAUDSTER, available on Apple and Android. Keep up to date on incidents. You can learn more at www.FraudsterApp.com 

Terry Cutler

I’m Terry Cutler, the creator of Internet Safety University, an educational system helping to defend corporations and individuals against growing cyber threats. I’m a federal government-cleared cybersecurity expert (a Certified Ethical Hacker), and the founder of Cyology Labs, a first-line security defence firm headquartered in Montréal, Canada. In 2020, I wrote a bestselling book about the secrets of internet safety from the viewpoint of an ethical hacker. I’m a frequent contributor to National & Global media coverage about cyber-crime, spying, security failures, internet scams, and social network dangers families and individuals face daily.