Password Managers Do Not Offer Full Protection

When LastPass, a popular and long-trusted password manager, revealed that it had suffered a major data breach, the company’s 25 million users were potentially exposed at a deep level. The hackers got company names, end-user names, billing addresses, telephone numbers, email addresses, and IP addresses that customers used to access LastPass, as well as website URLs from the password vault. Worse, the hackers got encrypted information: website usernames and passwords, secure notes, and form-filled data. LastPass has been accused of not taking the proper steps to protect its customers’ data. It did not employ some of the strictest industry protocols, nor did it keep up with the increased ability of modern graphics cards to crack passwords.

It is not surprising that cloud-based apps are vulnerable to breaches, but password managers are assumed to be solidly secure. When the tools that executives use to protect their company assets are the same platforms suffering from breaches, what is a company owner to do? Is anything safe? The short answer is no, probably not.

Transparency and Real-Time Alerts Make the Difference

The recent data breach is especially concerning for users because LastPass has not been forthcoming about what was exposed and for how long. It is likely that an initial breach, separate from the December 2022 hack, occurred as far back as August 2022, but the company has yet to clarify that. It is also unclear whether these were two separate breaches or just one long attack. What’s worse than being hacked? Not knowing exactly when you were hacked, or how badly, and then sorting through the confusion of what to do next.

Users Should Take Immediate Steps to Protect Themselves

LastPass customers are advised to change their passwords and possibly switch to another password manager; there are a number of good options to choose from. They should ensure that an automatic cloud backup is not uploading their passwords. Other choices could be an offline password manager or an encrypted USB. Any option, however, contains a window of vulnerability.

Threats Are Constantly Evolving

With cybercriminals constantly upping their game, it’s a matter of time before the trusted password manager you pick today declines in quality. The only definite lesson from the debacle is this: bad actors are nimble, relentless, and capable of acting decisively when even the smallest opportunities present themselves. LastPass is not the first security tool to be breached, and it won’t be the last.

SignalAlert Adds an Extra Layer of Protection

It is clear that securing information is an ever-changing, multi-front enterprise. Even when you employ the best tools, your business still needs safety nets, monitoring, and real-time alerts.

If you think you need more protection than you’re currently getting, reach out to iThreat. Our SignalAlert program monitors the web in real time, watching for signals that malicious characters may want to exploit your data. And we provide more than just simple alerts; we build profiles of the threats you face and assist in the investigation and take-down process.

Breaches are going to happen. SignalAlert is always there to watch the web on your behalf. 


    About iThreat

    Founded in 1997, iThreat has assisted hundreds of clients with thousands of internet monitoring and investigations, including multiple successful multinational law enforcement operations.
