![]() ![]() And I bet you anything that someone is selling your database to someone else who will have a damn good go at cracking it. I would possibly go as far as being overly cautious and requesting new debit and credit cards too if you know you had a poor master password.īut - that still means that somewhere out there, someone has a copy of your password database. If you didn’t have a secure password, then the advice is to change ALL of your passwords, for everything. ![]() ![]() LastPass’s advice is that if you followed their best practice of setting a secure Master Password, then it is near impossible for them to get into your password database.Īnd that might be true - if they have a tonne of data then they’ll probably target those accounts that are easy to get into first. So if you are a LastPass user - or if you WERE a LastPass user then it affects you across both Business and Personal LastPass accounts. What Impact does it have on you as a LastPass User? Those of you who are saying that it’s a bad idea to store everything in one place, because if that one place gets compromised then you’re done for.Īnd unfortunately, LastPass has brought that point right home to roost. Now, this all sounds pretty bad because this is basically the worst-case scenario for a comment that I see almost daily throughout my other posts and YouTube videos. But still, many logins that I still wouldn’t want other people to have access to would be available. So still with all my Usernames, my passwords, and credit card information, though some if not most would have expired by now. Well unless you closed your account down, and you TRUSTED LastPass to actually remove your account properly - then yes, this does affect you.Īfter my paid-for account expired, it just reverted to a free account. Nah that’s cool - I used LastPass a few years ago but it doesn’t affect me now. Not that this won’t actually help with the current issue at hand, because the attacker already has a copy of your database from September 22nd, so your change won't affect the copy they’ve stolen.Īnd you might be sat there, much like I was - thinking. Something to also be aware of is that a few years ago LastPass updated the strength of the encryption being used to encrypt your password database from 5,000 to 100,100 which with some quick maths is over 20x more than it was before. The stolen data included Unencrypted Data, including your LastPass Username, the associated email address, LastPass account names, and URLs, along with encrypted information that includes usernames, passwords, notes, credit card, and form fill data.īasically, this means that they can easily see your account name, email address, and the URL associated with your account.īut, they can’t access your actual LastPass Username, master password, or any data stored within your LastPass vault.īUT - what that does mean, is that if you used an easy-to-guess Master Password on your account then it won’t take much time at all for someone to break into the backup copy of your account that they now hold. On September 22nd, someone broke into the backup system for LastPass and stole copies of data. So let’s tackle the question - in a non-technical way so that it’s easy to understand. And, if you're not using a Password Manager already, then stick around, because I'm going to tell you why you should be! In my opinion, it’s not that you should be moving to 1Password or any specific password manager - it’s that you make the right, well-informed decision that works for you. So I won't lie, this video I made about this breach is sponsored by 1Password and yes, there will be some discounted links at the bottom of this post to sign up to. All of them wanted to get their name out as the one password manager to migrate to from LastPass. Now, 1Password reached out to me and asked if I could make a video about the LastPass breach, and so did two other Password Managers. What Impact does it have on you as a LastPass User.įinally, how can you make sure this doesn’t happen to you? So this post is going to be broken down into 3 pieces. So when news of the LastPass breach broke on December 22nd, 2022 - it was kind of expected of me to say something. My name is Pete Matheson, and over the past few years, I’ve published a number of posts and videos around Password Managers, reviews, and comparisons, some of which are now the most viewed Password Manager videos on YouTube - which is just crazy. ![]() Image courtesy of authorīut what does it all mean, what impact does it actually have on us as individuals, and what should we learn from this? December of 2022 saw the biggest and most worrying hack of any Password Manager we’ve ever seen. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |