LastPass Vault Leak
and what it means for you. Your credentials are not immediately compromised; however, you may want to act as soon as you can.
No need to panic, your passwords are safe... at least for the time being. The encryption on the leaked password vaults would take years, if not decades, to break, even with the most modern hardware.
While your passwords and usernames may be safely encrypted (even while in the hands of malicious users), some of your data isn't.
FWIW, here's what I told my employees re: the LastPass breach. Feel free to re-use without attribution.
— 🇵🇹 snipe, lixo tóxico (@snipeyhead) December 23, 2022
Hope it helps.
What a mess. pic.twitter.com/uAZVQ7JwHF
To summarize:
- You will get more phishing mails than usual
  - these may look like password reset attempts
  - or like account security information newsletters
- There will be emails about attempted logins from IPs abroad; these emails can also be a tool for phishing. Always go via the website / service itself and manage your logged-in sessions from there.
- If you chose a shorter master password, the vault is more prone to being brute-forced.
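To put the last point into numbers, here is an added example (not from the tweet above or from LastPass) that estimates how password length changes the brute-force cost against an iterated key derivation function. PBKDF2-HMAC-SHA256, the iteration count, the attacker speed-up factor and the sample passwords are assumptions picked for illustration.

```python
import hashlib
import math
import string
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600
CLASSES = [string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " "]


def charset_size(password: str) -> int:
    """Alphabet an attacker has to cover for the character classes in use."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in password))
    if any(not any(ch in c for c in CLASSES) for ch in password):
        size += 32  # flat allowance for non-ASCII symbols (assumption)
    return size


def keyspace_bits(password: str) -> float:
    """Upper bound in bits; only reached by randomly generated passwords."""
    if not password:
        return 0.0
    return len(password) * math.log2(charset_size(password))


def measure_kdf_rate(iterations: int, samples: int = 3) -> float:
    """PBKDF2-HMAC-SHA256 guesses per second on this machine."""
    start = time.perf_counter()
    for i in range(samples):
        hashlib.pbkdf2_hmac("sha256", b"guess%d" % i, b"constructed-salt", iterations)
    return samples / (time.perf_counter() - start)


def years_to_search_half(bits: float, guesses_per_second: float) -> float:
    """Expected time to find the password: half the keyspace at this rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


if __name__ == "__main__":
    ITERATIONS = 100_000          # assumed KDF cost, not stated on the page
    ATTACKER_SPEEDUP = 1_000_000  # assumed edge of dedicated hardware over this CPU
    rate = measure_kdf_rate(ITERATIONS) * ATTACKER_SPEEDUP
    # Constructed sample passwords, random-looking on purpose.
    for pw in ["qwhzpmtk", "qwhzpmtkrvbn", "qW7!zpM2tk#v", "qW7!zpM2tk#vRb9&"]:
        bits = keyspace_bits(pw)
        years = years_to_search_half(bits, rate)
        print(f"{len(pw):2d} chars {bits:6.1f} bits {years:.3g} years")
```

Every extra random lowercase character multiplies the search time by 26. Passwords built from dictionary words or reused elsewhere fall far faster than these upper bounds suggest.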
This entire incident shows once again that, however safe such corporations promise their service to be, you won't ever truly be safe from leaks and the like.
A good way to counteract such things is to use self-hosted options: Bitwarden (Vaultwarden as a community edition), Psono or any of the other great ones out there.
If self-hosting isn't your thing, you can always opt for storage/application-based password managers; here are some examples:
Or... analog options. Those include password tables or just using a classic piece of paper and generating passwords by using word bridges.
I personally opt for self-hosting and password tables as a backup. There are different options for password tables / cards, so pick your own poison.
The option I show here uses keywords to generate seeds for different table cards, where you select a colour and a keyword to randomly generate a password along with that.
TL;DR: You should probably change password manager provider, possibly enable 2FA and change important passwords.
If you have any questions or suggestions, be sure to let me know on Discord or Telegram.
Thank you for reading and Merry Christmas!