While the hackers didn’t get any live data — as in up-to-date info, which is being stored and used in real time by LastPass servers — they did get their hands on backups. Since most people aren’t in the habit of randomly changing their passwords, in most cases these backups probably, maybe contain relevant information.
Here’s a list of the types of info which is confirmed to have been retrieved:- Company and user names
- Billing addresses
- Emails
- Mobile numbers
- IP addresses
Suffice to say, in some cases, the malicious third party may have their hands on a full package of user data. No good at all. But what about usernames and passwords — the main types of data, which the company handles?
Well, those have been stolen too; however, they remain encrypted. That means that thanks to LastPass’ Zero Knowledge architecture, the culprits won’t be able to figure any of them out, until they know your master password.
What should I do to keep my LastPass account safe?
At this point, the call to action should be obvious: change your LastPass master password, folks! And make sure to stick to the best password-related practices that the company has shared.As claims stand, if you were to utilize them, the hackers would need quote-on-quote “millions of years” in order to brute force — guess, but in IT terms — your passwords with current day technology.
Another thing that you should do is remain vigilant for social engineering or phishing attempts, even if you did change your passwords. These are often emails or DMs that try to convince you to give them your login info, through making you feel pressured to share.
This is your kind reminder that no respectable company out there would ever do that. If they do, you should definitely question their respectable-ness. And a good means of questioning is by double checking.For example, if — presumably — your bank calls and asks for your online banking information, try to postpone the call in order to call your actual, non-presumed bank, and ask them if they just called you to ask for that info. The answer will likely not be shocking.
This image is here primarily for ironic and comedic purposes, due to its text.
So given that this December is starting to feel like a rerun of last December (when LastPass users reported odd login attempts), we’ve got to ask: what is the company doing in order to prevent future mishaps? Well, they’ve been transparent regarding this too.Honestly, they are doing the best possible thing: eliminating everything that has something to do with the stolen know-how and rebuilding a brand new system from scratch, with enhanced protection and alert mechanisms.
LastPass CEO Karim Toubba stated that as of now, there is no need to take further action. They even go as far as saying that if your current master password complies to the aforementioned best practices, you can even go on without changing it.
But, though the nature of life is such that few things remain consistent over time, one thing always does: better safe than sorry. We strongly recommend that you familiarize yourself with how to build a strong password and utilize that knowledge to its full extent.
View Full BioStan, also known as Stako, is a smartphone enthusiast who loves exploring the limits of Android customization. His journey with mobile tech began with the Nokia 5110 and evolved with devices like the BlackBerry 9350 Curve and Samsung Galaxy A4. Despite his love for Android, he holds equal respect for Apple, considering the iPhone 4s as a significant milestone in mobile tech. Stan started his writing career early, contributing to MetalWorld, and harbors a passion for creative writing. Beyond smartphones, he's interested in photography, design, composition, and gaming, often preferring solo projects to hone his objective thinking. He's also an avid student of open-source technology and consoles, with a special fondness for the Pebble Watch, Arduboy, and Playdate.
ncG1vNJzZmivp6x7sbTOp5yaqpWjrm%2BvzqZmp52nqHyktMCnnp5lqaTCs3nLmqqtqJGowG65wKyrnqpdpa60v9aoqZ1lo5qwtr7IrbBmoZ6YtqWxza1knKeem7azucSdlqKcYWmBdYCY