Executive Summary

LastPass Password Manager have announced that they have suffered from a security incident, from which elements of customer information was accessed using information obtained during the previous August 2022 incident. Due to the LastPass Zero Knowledge Architecture, master passwords remain safely encrypted.

What’s the risk to me or my business?

LastPass has not yet provided specifics on what customer data has been accessed with this breach, and recommend that users follow best practices for the setup and configuration of LastPass. Password Managers remain to be a strong cyber security control which helps to prevent the re-use of passwords, and promote the use of strong passwords for different accounts. Black Arrow continues to recommend the use of password managers such as LastPass, but will continue to monitor the situation and will provide updates as the situation unfolds.

What can I do?

While LastPass themselves do not recommend any action on the part of customers, as a precaution we would recommend that users change their master password and ensure that multi-factor authentication is enabled on their accounts.

Further information on this security incident be found here: Notice of Recent Security Incident - The LastPass Blog

Need help understanding your gaps, or just want some advice? Get in touch with us.

#threatadvisory #threatintelligence #cybersecurity