LastPass is one of the world’s most popular password managers, used by more than 26 million people across the globe. That makes it a pretty big deal in the world of cyber security, so when it gets hacked people pay attention. And, according to this blog post released by the company, it has just been hacked.
What Happened in the LastPass Hack?
According to CEO Karim Toubba, an “unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information.”
In a nutshell, one of the developers’ accounts was compromised and the attacker got away with some of the company’s source code and internal technical documentation. This isn’t a great look for such a big player in the online security space, but it’s certainly not as bad as it could be. LastPass says it has contained the incident and has seen no evidence of further malicious activity.
What Didn’t Happen in the Hack
Master passwords aren’t affected: LastPass is built around a master password that you choose and that LastPass never sees. It unlocks your vault on whichever device you sign in from, and it is used on that device to derive the key that encrypts the vault; the password itself is never sent to LastPass, so the company has no way of recovering it. LastPass states firmly that this hack did not touch customers’ master passwords and that account access has not been compromised.
Vaults aren’t affected: Your passwords and other data live in an encrypted ‘vault’. LastPass has a ‘zero knowledge’ design: the vault is encrypted on your device with a key derived from your master password, so the company only ever holds ciphertext it cannot decrypt. Because the breach was confined to the development environment, the attacker had no access to customer vaults, and even a production copy of a vault is unreadable without the user’s master password. Vault data remains protected. One caveat worth keeping in mind: stolen source code is still useful to an attacker, who can study it for weaknesses at leisure. A well-designed password manager should not depend on its code staying secret, and that is the right test to apply here: the vaults are safe because of the encryption, not because the code was private.
Another positive to glean from this situation is how LastPass have handled it. The fact that they were able to detect that a breach had happened and that source code had been taken immediately places them ahead of many companies, who simply wouldn’t have noticed. Their communication in disclosing it to the public has also been commendable.
For businesses around the world, this is another voice added to the choir of wake up calls around cybersecurity. Malicious parties are constantly seeking ways to exploit your systems and processes and the results can be at best expensive, at worst fatal to your business.
Stay on Top of your Password Security
We’ve spoken about this in depth here. Passwords are absolutely integral to maintaining online security. Many people choose to use password managers, but there are also a number of steps you can take yourself to keep your passwords safe:
Use MFA: Multi-factor authentication adds a second check beyond the password before an account can be accessed. We should all be familiar with it by now: you enter your password, then you’re prompted for a code from an authenticator app, an SMS or an email, or for a tap on a hardware security key. A stolen password alone is then not enough to get in. Two caveats: codes sent by SMS or email are the weakest form, since they can be phished or intercepted through SIM swapping, so prefer an authenticator app or a hardware key where the service offers one; and never type a code into a page you reached from a link in a message.
Use a strong password: Length matters more than anything else. Avoid the names of people, pets and places in your life, keyboard sequences and dictionary words; password-cracking tools try all of those first. A long passphrase of several unrelated words, or a random string from a password generator, holds up far better than a short word with a few numbers and symbols bolted on. Use a different password for every account, so that one breached site doesn’t unlock the rest; this is exactly the problem a password manager solves.
Be careful on public wi-fi: You can’t tell who runs a public network or who else is on it, and attackers do set up rogue hotspots and intercept traffic to capture credentials. Websites served over HTTPS protect your password in transit, but a VPN, or Virtual Private Network, encrypts all of your device’s traffic on the network and is the safer choice. If you aren’t on a VPN, avoid entering passwords on public wi-fi.
Get in Touch with the Brisbane Cybersecurity Experts
If you’d like to learn more about how to make your password secure, Brisbane cybersecurity experts Smile IT would love to help. We’re at the forefront of bringing progressive online safety to businesses around Australia, helping you protect your clients’ data and your own systems and processes.
Get in touch and we’ll set your business on a path towards being a cyber fortress!
When he’s not writing tech articles or turning IT startups into established and consistent managed service providers, Peter Drummond can be found kitesurfing on the Gold Coast or hanging out with his family!