LastPass breach affects 25.6 million users

16 Jan 2023

In recent years, LastPass has become the go-to choice for those seeking a free and mainstream password manager. Unfortunately, the security service has recently disclosed a massive data breach that has left its 25.6 million users concerned. The company has yet to provide further information about the incident, including how many password vaults were compromised, how many users were affected, when the breach occurred, or what type of encryption was used to protect the vaults.

For those affected by the security breach, the situation is dire. LastPass has not responded to requests for comment about how long it will take attackers to crack the keys used to encrypt the stolen vaults. Furthermore, changing the primary password with LastPass won’t do anything to protect the compromised data.

To protect themselves, LastPass users should take extra steps, such as turning on two-factor authentication for as many accounts as possible and changing all of their passwords. It is also advised to switch to a different password manager, such as 1Password or Bitwarden. According to experts, LastPass has experienced a series of security incidents over the past few years and this latest breach is proof that the company has failed to provide secure credential storage.

Despite the concerning news, security practitioners emphasize that this situation with LastPass shouldn’t discourage people from using password managers in general. While it may be difficult to trust LastPass again, users should still change their vault passwords, turn on two-factor authentication, and change all passwords stored in their vaults.

Overall, the breach is a reminder of how important it is to take extra precautions when it comes to online security. LastPass users, in particular, should take all the necessary steps to protect their data and consider switching to a more secure password manager.

If you are affected, contact Brightstrike to improve your security posture.