Lastpass Vault Leak

and what it means for you. Your credentials are not immediately compromised; however, you may want to act as soon as you can.

No need to panic, your passwords are safe... At least for the time being. The encryption on the password vaults that were leaked takes years, if not decades, to decrypt - even with most modern hardware.

While your passwords and usernames may be safely encrypted (even while in the hands of malicious users) some of your data isn't.

To summarize:

  • You will get more phishing mails than usual
       - these may look like password reset attempts
       - or like account security information newsletters
  • There will be login attempt e-mails from IPs abroad; these e-mails can also be a tool for phishing. Always go via the website / service itself and manage your logged-in sessions from there.
  • If you chose a shorter master password, the vault is more prone to being brute-forced.

This entire incident shows once again that, however safe such corporations promise their service to be, you won't ever truly be safe from leaks and the like.

A good way to counteract such things is to use self-hosted options: Bitwarden (Vaultwarden as a community edition), Psono or any of the other great ones out there.

If you're not in the game in terms of self-hosting, you can always opt for storage/application-based password managers; here are some examples:

Or... analog options. Those include password tables or just using a classical piece of paper and generating passwords by using word bridges.

I personally opt for self-hosting and password tables as a backup. There are different options for password tables / cards, so pick your own poison.

The option I show here uses keywords to generate seeds of different table cards, where you select a colour and a keyword to randomly generate a password along with that.
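
A minimal sketch of how a keyword-seeded password card can work, added here as an illustration; it is not the tool referred to above. The colour names, alphabet, card width, salt label and the PBKDF2 / HMAC construction are all assumptions made for this example.

```python
import hashlib
import hmac
import string

# All of these parameters are assumptions for this example, not taken from a real card tool.
COLOURS = ["red", "orange", "yellow", "green", "blue", "purple"]
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@"
COLUMNS = 16

def card_seed(keyword: str, iterations: int = 200_000) -> bytes:
    """Stretch the keyword into a 32-byte seed. The salt is a fixed label,
    so the keyword is the only secret protecting the card."""
    return hashlib.pbkdf2_hmac("sha256", keyword.encode("utf-8"),
                               b"password-card-example", iterations)

def _stream(seed: bytes, label: bytes):
    """Endless deterministic byte stream: HMAC-SHA256 in counter mode."""
    counter = 0
    while True:
        yield from hmac.new(seed, label + counter.to_bytes(4, "big"),
                            hashlib.sha256).digest()
        counter += 1

def build_card(keyword: str) -> dict:
    """Return {colour: row of COLUMNS characters}; same keyword, same card."""
    seed = card_seed(keyword)
    limit = 256 - 256 % len(ALPHABET)  # rejection sampling avoids modulo bias
    card = {}
    for colour in COLOURS:
        row = []
        for byte in _stream(seed, colour.encode("ascii")):
            if byte < limit:
                row.append(ALPHABET[byte % len(ALPHABET)])
            if len(row) == COLUMNS:
                break
        card[colour] = "".join(row)
    return card

def read_password(card: dict, colour: str, start: int = 0, length: int = 12) -> str:
    """Read `length` characters from the chosen colour row, wrapping around."""
    row = card[colour]
    return "".join(row[(start + i) % len(row)] for i in range(length))

if __name__ == "__main__":
    demo = build_card("correct horse battery staple")  # constructed sample keyword
    for colour, row in demo.items():
        print(f"{colour:>7}: {row}")
    print("green, from column 3:", read_password(demo, "green", start=3))
```

Because the card is fully determined by the keyword, anyone who guesses the keyword can rebuild every row, so it needs the same length and unpredictability as a master password.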

TL;DR: You should probably change password manager provider, possibly enable 2FA and change important passwords.

If you have any questions or suggestions, be sure to let me know on Discord or Telegram.

Thank you for reading and Merry Christmas!