Last Pass… You shall not pass

In August 2022, LastPass, a popular password management company, announced that it had suffered a data breach. It said that the attacker had gained access to the company’s development environment and source code, but that no customer data or passwords had been leaked.

However, LastPass has now announced that the attacker used the information obtained previously to facilitate the November 2022 data breach. The company stated that it had discovered unusual network activity on a third-party cloud service shared with LastPass and, upon investigation, determined that an unauthorized party had gained access to a database containing user email addresses, password reminders, and cryptographically protected master passwords.

“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information,” LastPass said in a blog post.

LastPass assured its users that their passwords and sensitive data remained secure, as the company stores all data with strong encryption. According to Toubba, the master password is never known to LastPass, is not stored on LastPass’ systems, and is not maintained by LastPass. However, the company recommended that users change their master passwords as a precautionary measure, as the attackers might try to brute-force a user's master password to obtain access to the stolen vault data.

The incident raises serious concerns about the security of password management systems, which are designed to store and protect sensitive data. It also highlights the importance of regularly changing passwords and using strong, unique passwords for different accounts.

In the wake of the data breach, if you are a LastPass user, we at Boltonshield recommend that you change all of your passwords (including the master password) immediately and enable two-factor authentication wherever applicable. As a best practice, passwords should be long and high in complexity, combining characters, symbols and numbers.

Additionally, many users store all kinds of information in secure notes, such as bank accounts, cryptocurrency accounts, account recovery phrases / codes, and other sensitive data. You should evaluate the content of your secure notes and the data that LastPass automatically inserts in online forms, and change what can be changed.

Overall, the LastPass data breach serves as a reminder of the importance of cybersecurity and the need for individuals and businesses to prioritize it in the digital age. It’s crucial to stay vigilant and take steps to protect sensitive data, as even the most seemingly secure systems can be vulnerable to attacks.

IS IT SAFE TO USE AN ONLINE PASSWORD MANAGER? 

Password managers can be either offline or online, and each type has its own set of benefits and drawbacks. In this article, we will explore why offline password managers may be the better choice for some users.

First and foremost, security is a major concern for many internet users. Online password managers store your login credentials on a server, which means that they are vulnerable to hacking and other cyber attacks. If a hacker were to gain access to the server, they could potentially access all of the stored passwords, leaving you vulnerable to identity theft and other forms of fraud.

On the other hand, offline password managers do not store your passwords on a server, so there is no risk of them being accessed by unauthorized individuals. Instead, your password data is stored locally on your device, making it much more difficult for hackers to access.

Privacy is another important consideration when it comes to password management. Online password managers transmit your login credentials over the internet, which means that they are potentially susceptible to interception by third parties. This can be a concern for users who are particularly sensitive about their online privacy.

Offline password managers, on the other hand, do not transmit your passwords over the internet, so they are not subject to interception by third parties. This can provide an additional layer of privacy and security for users who are concerned about the potential risks of using an online password manager.

Convenience is another factor to consider when choosing a password manager. Online password managers can be accessed from any device with an internet connection, which can be convenient for users who frequently use multiple devices. However, this convenience comes with the potential risk of your password data being transmitted over the internet, as mentioned earlier.

Offline password managers, on the other hand, can be accessed from any device, even if it is not connected to the internet. This can be particularly useful for users who frequently use devices that do not have an internet connection, such as a laptop or tablet while traveling.

Finally, control is another factor to consider when choosing a password manager. With an offline password manager, you have complete control over where your password data is stored and who has access to it. This can be particularly important for users who are concerned about the security and privacy of their login credentials.

In summary, offline password managers offer several benefits over online password managers, including enhanced security, improved privacy, convenience, and greater control. While both types of password managers have their own set of risks and benefits, offline password managers may be the better choice for users who place a high value on security and privacy.
