• Home
  • Things You Should Know About the LastPass Breach

Things You Should Know About the LastPass Breach

LastPass Breach Things You Should Know West Michigan Tech Support
02Jan

Things You Should Know About the LastPass Breach

In August 2022, LastPass experienced a data breach. In light of the developing situation, at Hungerford Technologies we understand you may have questions regarding the security of your passwords. For those who don’t know, here is a quick summary of what happened with the LastPass breach.

What Happened in LastPass Breach?

LastPass experienced a data breach and, at the time, informed its customers of unusual activity that might affect the security of their stored passwords and information.

After a monthslong investigation, LastPass concluded that a threat actor was able to access and copy a backup of encrypted customer vault data. Because the data is encrypted, LastPass determined it mathematically would take millions of years for generally available password-cracking technology to guess a password for customers who follow LastPass’ best practices. Those best practices include using a minimum of 12 characters, using a mix of character types, not reusing passwords, etc.

You can read more about the breach here.

This breach does not affect customers who have business accounts that are federated, meaning the key to unlock your vault is split in two and only half of it is stored with LastPass. Hackers with access to the LastPass half also would need to breach your company to get the whole key necessary to see your passwords.

This breach only affects personal accounts or business accounts that are not federated.

LastPass said it notified a small subset of business customers that are not federated to recommend they take certain actions.

Should I Change My Master Password?

Yes, but not necessary for those who have followed LastPass’ best practices.

If you have used your master password for other accounts, then you absolutely should change it immediately.

Changing your master password would ensure your vault remains safe from any future password guessing. However, LastPass stated it would be extremely difficult to brute-force guess master passwords for those customers who follow their best practices.

Fortunately, LastPass does not have access to your master password, and it is not stored or maintained by LastPass to protect its customers from incidents like this.

Should I Change All My Passwords?

Yes, but with some caveats.

It’s up to you to determine your risk tolerance. There is a chance the bad actor already cracked your vault and can see every one of your passwords. But it’s an old copy of your vault, so any passwords you change now would not be visible.

Consider prioritizing the accounts that contain financial or personal information — such as bank accounts, digital payment apps (Venmo, Zelle, PayPal), retail websites, health systems, etc. — when deciding what passwords to change.

With that being said, we understand some customers have more than 100 passwords and changing every single one would be a long and tiresome process.

Should I Delete My LastPass Account?

No, while it’s unfortunate this happened, there is no obvious indication that LastPass was doing anything objectively irresponsible with your data.

The IT security industry recommends an assume breach mentality, which assumes cyberattacks not only will happen, but information already could be compromised. This proactive approach allows security firms to identify and address potential threats to better protect you.

When companies fall victim to data breaches, they generally come back stronger because they address the gaps in their security coverage. Not only will they address the security issues they know of, but they also will attempt to address future security issues, so they are more prepared the next time an attack happens.

This is not a LastPass-specific problem. It likely was targeted for being one of the biggest and most well-known password managers available, but that doesn’t mean smaller password managers are safe. Switching to another password manager is a lot of work, and there is no way to know which one will suffer a breach next.

West Michigan IT Support From Hungerford

If you have any other questions regarding the LastPass breach or password managers in general, please contact us here or call our team directly at (616) 949-4020 with your concerns.

Get Support

Share this post

Related Posts

Critical Applications Grand Rapids Managed IT Services
04Apr

How Do I Identify My Critical Applications?

Critical applications are essential for business continuity. If a business-critical... read more

Our IT Services Grand Rapids Managed Services
02Apr

Is Your Organization an Ideal Fit for Our IT Services?

As we’ve previously outlined, there are several things to consider... read more

Grand Rapids Technology Alignment
21Feb

What is the Value of Technology Alignment?

Companies are relying on IT more than ever. While IT wasn’t... read more

Upgrade, Repair, or Replace My Computer Support Grand Rapids
16Feb

Should I Upgrade, Repair or Replace My Computer?

You’ve likely run into this situation once or twice before.... read more

Submit Employee Onboarding Requests Through HT Support App
08Feb

How to Submit Employee Onboarding Requests Through the HT Support App

Hiring is complicated, and after all the resumes, background checks... read more

Employees Using a Personal Computer to Access Work Data is a Bad Idea
02Jan

Employees Using a Personal Computer to Access Work Data is a Bad Idea

Remote work probably isn’t going away anytime soon. And because... read more

Recommended Replacement Timeframe For Computers Grand Rapids Tech Support
21Dec

Why is 3 to 5 Years the Recommended Replacement Timeframe for Computers?

Computers are essential in today’s workforce; unfortunately, they have a... read more

Grand Rapids MSPs Use Ticketing Systems
16Nov

Why Do MSPs Use Ticketing Systems?

If you’ve ever had to contact your managed service provider... read more

How Do Data Breaches Happen?
21Sep

How do Data Breaches Happen?

You’ve no doubt seen news coverage of big-scale data breaches.... read more

Lifespan of a Computer Support West Michigan
11Sep

What is the Average Lifespan of a Computer?

Aging computers not only are frustrating to use, but they... read more