What happened at LastPass back in June?
In June of 2015, LastPass (a password management tool) was targeted by hackers. The resulting security breach quickly became “big news,” adding more worry to everyone's mind. People started to wonder if they should stop using online password managers. The hackers made it through the LastPass internal systems and stole customer email addresses as well as password reminder information.
So, how am I at risk from this product breach?
Without taking away from the seriousness of the breach, many security experts say that this event is limited in terms of consequences. The intent of the hackers was to retrieve contact information (customer names and email addresses) so they could reach out to LastPass clients and trick them with classic phishing attacks.
Your risk of being caught in this type of scam depends on your ability to recognize the warning signs.
How do I secure my online password manager account?
The first thing to remember is to never engage in any transaction requested through an email. This holds true for the following:
- Online banking
- Online bill payments
- Retail store email promotions
- Emails you're not expecting (FedEx or UPS when you didn't order anything)
Always go directly to the website that is requesting the action, not through the email. The risks are simply way too high to trust email these days.
You should always change your lockbox master password after a security breach of some kind. This won’t hurt you in any way, and it also complies with general best practices about password management.
Be careful when answering the “secret questions” that are used to recover lost passwords (these are a favorite of hackers). Don’t use expected answers (e.g. the name of your first car or pet). The answers don’t have to be real; just make one up and store the fake answer somewhere safe.
Whenever you have the ability to enable multi-factor authentication, do it!
What can I do?
Let’s be honest, the likelihood of other security breaches targeting companies like LastPass is pretty high. That’s the nature of the game in today’s digitally driven economy. Your own counter-measures as described in this blog, combined with the fact that all your financial institutions have security policies in place to protect your assets, are enough to keep your information secure.
Sometimes, it's also just a matter of being less vulnerable than those around you. Here are more tips on password security that will help you avoid becoming an easy target.