If You Use LastPass, You Need to Change All of Your Passwords ASAP

Are you a LastPass user? This popular password manager was the target of a major data breach last December, which means many people’s passwords and personal data were exposed to nefarious entities.
According to LastPass CEO Karim Toubba, there was a security incident in August that led to unauthorized parties stealing customer data in December. This is not an isolated event for LastPass, which has been having security incidents since 2011.
What kind of data was exposed? According to Toubba, hackers got their hands on unencrypted data such as LastPass usernames, company names, billing addresses, email addresses, phone numbers and IP addresses.
Vault data was also stolen, containing both unencrypted and encrypted information such as usernames and passwords for all visited sites.
Let’s pause for a second here. This is a password manager. They’re holding the keys to your kingdom, so to speak. Anyone sensible would expect them to do well the one thing they’re supposed to do, which is to store your passwords securely.
Even more alarming is the fact that this has been happening since at least 2011, and nobody knows how many other undisclosed events might have happened so far.
What to do about it
If you’re a LastPass user, the first thing that comes to mind is switching to another service. However, the most pressing issue is to immediately change your passwords on any site you have visited. You have to assume there’s somebody out there with all your data, and possibly a lot of ideas on how to use it.
Although the most sensitive data is encrypted, nothing prevents crackers from running brute-force attacks against your information, though a good password can take a long time to crack. According to LastPass, it could be millions of years, unless you have used “qwerty1234” or something similar.
Since the company has a history of security breaches, you might also consider visiting sites you no longer use but still have access to, just in case. You may think this is a colossal task, and it is. But it’s much better to be safe than sorry.
The best course of action is to start with the most important sites first. This means your passwords for online banking, e-commerce platforms, job-related sites, health services and anywhere else you may have critical private information stored.
Then you can go on to changing passwords for less critical sites such as newspaper subscriptions, online forums, etc. Don’t forget your phone apps, too, since many are permanently logged in. Finally, use 2-factor authentication. I know it’s a drag, but it’s the best way to prevent someone from accessing your account.
A “fun” fact about this security breach and LastPass is that, even though you may think your encrypted info is safe, it indirectly isn’t. This is because LastPass doesn’t encrypt your visited URLs, so hackers can see where you logged in, and whether you have login information saved. This paves the way for many social engineering tactics.
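The rotation order described above can be turned into a worklist, as an added example that is not part of the original article. It assumes a vault export in CSV form with `url`, `username` and `name` columns; the keyword lists and the sample rows are constructed for illustration. Every host it lists is also one an attacker can read from the unencrypted URLs.

```python
import csv
import io
from urllib.parse import urlsplit

# Categories in the article's order; the keyword lists are illustrative assumptions.
CRITICAL = [
    ("banking", ("bank", "paypal", "credit")),
    ("e-commerce", ("shop", "store", "checkout")),
    ("work", ("sso", "vpn", "corp", "payroll")),
    ("health", ("health", "clinic", "pharmacy")),
]

# Constructed sample export (no password column is needed to build the worklist).
SAMPLE = """\
url,username,name
https://forum.example.org/login,alice,Hobby Forum
https://login.examplebank.test/auth,alice@example.com,Example Bank
shop.example.com/account,alice@example.com,Example Shop
https://login.examplebank.test/reset,Alice@example.com,Example Bank (old)
,,Wifi note
https://portal.examplehealth.test,alice,Example Health Portal
https://sso.example-corp.test,alice,Work SSO
"""

def host_of(url):
    """Return the lowercase hostname, tolerating entries saved without a scheme."""
    if "//" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").lower()

def classify(host, name):
    """Map an entry to (rank, category); lower rank means rotate sooner."""
    text = f"{host} {name}".lower()
    for rank, (label, words) in enumerate(CRITICAL):
        if any(w in text for w in words):
            return rank, label
    return len(CRITICAL), "other"

def rotation_worklist(csv_text):
    """One row per (host, username), ordered by how soon to change the password."""
    seen = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        host = host_of((row.get("url") or "").strip())
        if not host:
            continue  # notes and other entries with no site to log in to
        user = (row.get("username") or "").strip().lower()
        seen.setdefault((host, user), classify(host, row.get("name") or "") + (host, user))
    return sorted(seen.values())

if __name__ == "__main__":
    for rank, label, host, user in rotation_worklist(SAMPLE):
        print(f"{rank} {label:<11} {host:<28} {user}")
```

Substring matching will misfile some sites, so review the "other" bucket by hand before treating it as low priority.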
We live in a brave new world, folks. But with these recommendations, you’ll be in top shape to prevent major issues even if someone manages to get their dirty hands on your data.
Uhh, this has already been possible – I am not sure how but remember my brother telling me about it. I’m not a WhatsApp user so not sure of the specifics, but something about sending the image as a file and somehow bypassing the default compression settings that are applied to inbound photos.
He has also used this to share movies to WhatsApp groups, and files 1Gb+.
Like I said, I never used WhatsApp, but I know 100% this isn’t a “brand new feature”, my brother literally showed me him doing it, like… 5 months ago?
Martin, what happened to those: 12 Comments (https://www.ghacks.net/chatgpt-gets-schooled-by-princeton-university/#comments). Is there a specific justifiable reason why they were deleted?
Hmm, it looks like the gHacks website database is faulty, and not populating threads with their relevant cosponsoring posts.
The page on ghacks this is on represents the best of why it has become so worthless, full of click-bait junk that it’s about to be deleted from my ‘daily reads’.
It’s really like “Press Release as re-written by some d*ck for clicks…poorly.” And the subjects are laughable. Can’t wait for “How to search for files on Windows”.
> The page on ghacks this is on represents the best of why it has become so worthless, full of click-bait junk…
Sadly, I have to agree.
Only Martin and Ashwin are worth subscribing to.
Especially Emre Çitak and Shaun are the worst ones.
If ghacks.net intended “Clickbait”, it would mark the end of Ghacks Technology News.
Ghacks doesn’t need crappy clickbaits. Clearly separate articles from newer authors (perhaps AIs and external sales person or external advertising man) as just “Advertisements”!
We, the subscribers of Ghacks, urge Martin to make a decision.
because nevermore wants to “monetize” on every aspect of human life…
“Threads” is like the Walmart of Social Media.
How hard can it be to clone a twitter version of that as well? They’re slow.
Yes, why not mention how large the HD files can be?
Why not mention what version of WhatsApp is needed?
These omissions make the article feel so bare. If not complete.
Sorry posted on the wrong page.
Such a long article for such a simple matter. Worthless article! Waste of time.
I already do this by attaching them via the ‘Document’ option.
I don’t know what’s going on here at Ghacks but it’s obvious that something is broken, comments are being mixed whatever the article, I am unable to find some of my later posts either. :S
Quoting the article,
“As users gain popularity, the value of their tokens may increase, allowing investors to reap rewards.”
Besides, beyond the thrill and privacy risks or not, the point is to know how you gain popularity, be it on social sites as everywhere in life. Is it by being authentic, by remaining faithful to ourselves or is it to have this particular skill which is to understand what a majority likes, just like politicians, those who’d deny to the maximum extent compatible with their ideological partnership, in order to grab as many of the voters they can?
I see the very concept of this Friend.tech as unhealthy, propagating what is already an increasing flaw : the quest for fame. I won’t be the only one to count himself out, definitely.
@John G. is right : my comment was posted on [https://www.ghacks.net/2023/08/23/what-is-friend-tech/] and it appears there but as well here at [https://www.ghacks.net/2023/07/08/how-to-follow-everyone-on-threads/]
This has been lasting for several days. Fix it or at least provide some explanations if you don’t mind.
> Google Chrome is following in Safari’s footsteps by introducing a new feature that allows users to move the Chrome address bar to the bottom of the screen, enhancing user accessibility and interaction.
Firefox did this long before Safari.
Basically they’ll do anything except fair royalties.