LastPass Hack: Is my data safe?

Jamie Steele
Published in Version 1
2 min read · Dec 26, 2022

What is LastPass? A subscription-based password manager. It runs as software, in the form of a plugin or an app.

What happened at LastPass? A primary hack took place in August 2022. Later, in December 2022, a secondary attack happened using intelligence gained during the earlier hack. This resulted in customer data being compromised. Specifics around what was encrypted and what was left open are vague.

Because of this, I have spent the past day changing all of my passwords managed in LastPass. Shopping, finance, social, sport. Every password has been changed as a result of the LastPass hack. Should you take action too?

According to their website, LastPass manage passwords for over 33 million consumers and 100,000 businesses. Read on if you are one of those.

Are my passwords safe? LastPass doesn’t know your passwords, as they are encrypted using your personal Master Password. Hackers would need to crack your Master Password to gain access to your passwords.

Can my Master Password be cracked? Yes. It’s a matter of how much time the hackers have. If your password was secure and of a good length, you’re less likely to experience problems. You should take immediate action if your password was weak.

How long will it take to crack my Master Password? Check here for an estimate, based on password length and complexity. If this is less than a month, you should take action: https://www.passwordmonster.com/
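The estimate described above can also be worked through locally. The following is an added example, not code from the article or from LastPass: it turns password length and character classes into an average brute-force time and applies the article's one-month threshold. The guess rate and the short common-password list are assumptions chosen for illustration.

```python
import math
import string

SECONDS_PER_MONTH = 30 * 24 * 3600  # the article's "less than a month" threshold

# Constructed sample of weak choices; real guessing lists are far larger.
COMMON = {"password", "123456", "qwerty", "letmein", "lastpass"}

# ASSUMPTION: offline guesses per second against a stolen vault. The real rate
# depends on attacker hardware and key-derivation cost, which the article does not give.
ASSUMED_GUESSES_PER_SECOND = 1e6

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def charset_size(password: str) -> int:
    """Size of the alphabet a brute-force search must cover."""
    size = sum(len(cls) for cls in CLASSES if any(c in cls for c in password))
    known = "".join(CLASSES)
    # Spaces and non-ASCII characters: count each distinct one once.
    return size + len({c for c in password if c not in known})


def average_crack_seconds(password: str,
                          rate: float = ASSUMED_GUESSES_PER_SECOND) -> float:
    """Average exhaustive-search time; an upper bound on real-world strength,
    because human-chosen patterns are guessed long before a full search."""
    if not password or password.lower() in COMMON:
        return 0.0  # found in the first handful of guesses
    # Work in logarithms so very long passwords do not overflow a float.
    log_seconds = len(password) * math.log10(charset_size(password)) \
        - math.log10(2 * rate)  # on average half the keyspace is searched
    return math.inf if log_seconds > 300 else 10 ** log_seconds


def should_take_action(password: str,
                       rate: float = ASSUMED_GUESSES_PER_SECOND) -> bool:
    """Apply the article's rule: act if the estimate is under a month."""
    return average_crack_seconds(password, rate) < SECONDS_PER_MONTH


if __name__ == "__main__":
    for pw in ("password", "abc123", "k7#Qm2!vXz9@Lp4w"):  # constructed samples
        print(f"{pw!r}: {average_crack_seconds(pw):.3g} s, "
              f"act now: {should_take_action(pw)}")
```

Treat the result as a best case: a password built from dictionary words or a predictable pattern falls much faster than its length and character mix suggest.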

What should I do? For security and peace of mind, change EVERY SINGLE password in your LastPass vault. Do this soon.

What else was compromised in the hack? Your passwords are encrypted. Your other information may not be encrypted. LastPass suggest that usernames, URLs, telephone numbers and email addresses were not encrypted. This gives hackers a great source of information, even without your passwords. Be alert for phishing attacks and scams.

Should I keep using LastPass? A quality password manager is essential. It increases your security, which keeps your credentials and data safe. Passwords should be complex and of a good length. You cannot remember these in your head, which means you'll write them down or use a manager.

More information on the LastPass Data hack can be found here.

About the Author:
Jamie Steele is an Azure Data Architect here at Version 1.
