Popular password manager LastPass suffered a major data breach, exposing encrypted password vaults and other user information. Security experts are urging users to consider switching to alternative services because of LastPass’s lack of transparency and the potential for attackers to crack the stolen data.
On December 22nd, LastPass revealed a major data breach, following an earlier security incident reported in November. Hackers were able to access a backup of encrypted password vaults, along with other user data like names, email addresses, and billing information.
The severity of the breach is compounded by LastPass’s lack of transparency. The company hasn’t provided crucial details like the number of affected users and compromised vaults. It also hasn’t clarified when the breach occurred, leaving users unsure how long attackers have had to try to crack passwords.
Security professionals are advising LastPass users to consider switching to alternative password managers due to this lack of transparency and the potential risk of attackers cracking stolen vaults. WIRED recommends 1Password and Bitwarden as replacements.
Even if you decide to stay with LastPass, taking additional security measures is crucial. Enable two-factor authentication on all accounts, especially high-value ones like email and finance. Change the passwords for all sensitive accounts and for the accounts stored in your LastPass vault.
This incident highlights the importance of clear communication from password managers during security breaches. While the breach shouldn’t deter users from password managers entirely, it underscores the need for careful selection and proactive security measures.




