LastPass Security Incident

LastPass is a fairly widely used password tool/vault in the market.

LastPass has claimed that malicious sources have managed to obtain personal information such as encrypted passwords stored in the vault of customers using their service.

So it's only a matter of time before a threat actor try to decrypt stolen encrypted passwords from LastPass.

If you use LastPass, in response to this incident, Streamscan recommends the following actions:

* Change the LastPass Master Password

* Change all passwords stored in your LastPass vault or the various vaults used by your staff.

* Be sure to apply more aggressive settings than the default LastPass configuration. Change the Password iterations value 100,100 to a higher value, for example to the one recommended here.

* Be vigilant with incoming email, phone calls or messages purporting to be from LastPass. There is a good chance that phishing attempts will occur as a result of this incident.

* Finally, if you have critical passwords that cannot be changed (for whatever reason), we strongly recommend that you monitor the Darkweb to make sure they have not been leaked (in the clear).

We are available 24/7 to support you.

Details on LastPass website.

How can StreamScan help you?

Cyber attacks are exploding all the time. Without continuous security monitoring, you have no visibility into what attacks are targeting you. You can't protect yourself from what you can't see.

Let us put our eyes on your network. Join our MDR managed monitoring platform powered by our CDS cyber threat detection technology and keep yourself safe from cyberattacks.