
LastPass in their blog nonchalantly says that all “sensitive” data is secured, but which websites I have accounts at can be pretty darn sensitive in a lot of different cases. An attacker can link my account with all websites I have stored passwords for.

LastPass, November 30, 2022: “We recently detected unusual activity within a third-party cloud storage service, which is currently shared by both LastPass and its affiliate GoTo. Customer passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.” More info: /ynuGVwiZcK-

To me, this is a full breach and I’ll immediately start migrating away from LastPass.

Edit: adding some suggestions on what you should do if you want to take any action.

If you have a strong master password, you are not as exposed. However, they have the URLs of all websites you have stored in LastPass, so consider which of that information is sensitive by itself and whether you can do any mitigation / preparation for its exposure. Secondly, they also have the contact information for your LastPass account itself - at minimum, they have the email you use to log in to LastPass with. They can connect this email to all your websites. Any website where you have used that email as the username can potentially be brute forced. If you have a strong password for that website, brute force is unlikely. Go through accounts linked to that email and change any weak passwords.

If you had a weak master password, all your information is unfortunately at risk. Most important are accounts that you use to verify other accounts, like your Google, email, Apple account, etc. You’ll have to consider how to protect assets you had in secure notes (block credit cards, invalidate passport etc.), and start changing all your passwords. When you’re done, migrate away from LastPass, then delete all your info in LastPass, then log out of all places you have logged in to LastPass, and then finally delete the account.
