Dec 1, 2022

Should You Be Concerned About The Nov 30 LastPass Security Incident?


With so many security concerns, such as keeping your private information safe from hackers, a variety of software has been developed to help secure your information as efficiently as possible. One security tool that many users rely on is LastPass, a password manager that stores and maintains passwords. Like many customers who use this software, we were notified of the security incident. Of course, as with any other user, there is always concern and worry about a potential security breach. However, after an in-depth conversation with Infiniwiz's engineers, I am relieved to tell you that your information is secure. Allow me to elaborate.

So, what is LastPass?

For personal passwords, all your login information can be saved in a secure vault provided by the software. It is useful for managing login information for numerous services, like Netflix, Zoom, banking accounts, and many others. When using LastPass, you can also make notes for information you need to keep in mind, such as PINs, social security numbers, etc.

What happened?

In its announcement on November 30, 2022, LastPass stated that it had detected unusual activity within a third-party cloud storage service. The company also stated that as soon as it detected this activity, it “immediately launched an investigation, engaged Mandiant, a leading security firm, and alerted law enforcement” (LastPass).

After a thorough investigation, LastPass determined that “an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information”. The company concluded the announcement by stating that it is working hard to understand the incident and identify what information has been accessed.

So, does this issue cause concerns for your private information?

Although this news could make you quite anxious, LastPass is still dependable software for password management, for two reasons.

1. All customers’ passwords are encrypted

LastPass states that all passwords are safely encrypted due to its Zero Knowledge architecture. Zero Knowledge architecture makes sure that “sensitive data is encrypted at the device level with AES-256 before syncing with TLS to protect from on-path attackers”.

To elaborate, encryption is the procedure of changing data or information into code called ‘cipher text’. The code will look something like this.

[Image: letters, numbers, special symbols and asterisks illustrating cipher text]

This simply means that even if hackers were to gain access to a database, they would not be able to read any sensitive data, such as your credentials, and that only customers can access that data.

2. LastPass is being transparent and taking action in solving the issue

Whenever a security event has occurred, LastPass has always been open about it and informed its users. For example, LastPass has been informing users of this security issue since August 25, 2022, when it updated users on an unauthorized user having access “to areas of the LastPass development environment” and on the safeguards put in place to ensure that the hacker could not access any data.

Additionally, as stated before, not only does LastPass deploy enhanced security measures with its Zero Knowledge architecture, but it has also involved Mandiant in the investigation. Mandiant is a company known as the creator of ‘Open Indicators of Compromise’, which identify cyber threats, security hackers' methodologies, and evidence of compromise.

Overall, LastPass appears to be mindful of the issue and is keen to ensure that the right steps are being taken to address it as quickly as feasible.

So, what should you take from this announcement?

While this may have been an alarming message to those who use this software, it is good to know that LastPass has the proper security measures in place to make sure that hackers have no access to your private information. Also, as a company that makes sure it is transparent with its customers, LastPass is still a good tool to use to manage your login credentials.

To read more about LastPass, see the blog Infiniwiz recently posted, “Need Password Management? Infiniwiz is Here to Help”, which elaborates on its usefulness for password security.

The Infiniwiz technical team in the Chicagoland area takes a proactive approach to your cybersecurity. We set up the right IT protocols and help you put in place the employee procedures that will keep your data and network safe from online hackers. However, make sure to do your part in staying alert. If you have any more questions, feel free to contact us!
