// TECH TRENDS //
unauthorised access of sensitive user data, including passwords, email addresses and other personal data.
What action can businesses take now to ensure they’re as protected as possible?
However, the true outcome of that breach wasn’t seen until December – just a couple of days before Christmas – when LastPass revealed that, as the result of that breach, there was another breach in November and hackers had gotten their hands on users’ password vaults.
The timing caused a lot of issues. Many individuals and businesses had already finished for Christmas, leaving them very little time to react.
There is a historical element to consider here as well, namely LastPass’ background with password iterations (how many times the hashing is repeated on each password).
Older users of the platform have very few iterations. LastPass did not go back and ensure that every user had the right number of iterations, leaving those older users more exposed and their data more vulnerable.
In short, it will take far less brute force to crack an account with fewer password iterations. And as we headed into 2023, it was just the master password that was preventing hackers from gleaning all of their data.
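An added example, not from the article or from LastPass: one way a service can close the iteration gap described above is to re-hash a legacy record at the current minimum the next time its owner logs in successfully. It uses a simplified server-side PBKDF2-HMAC-SHA256 password record rather than a vault design; the 600,000 minimum, the 5,000 legacy count, the sample passphrases and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

MIN_ITERATIONS = 600_000    # assumed current policy for PBKDF2-HMAC-SHA256
LEGACY_ITERATIONS = 5_000   # constructed example of an old, weak setting


def make_record(password: str, iterations: int, salt: Optional[bytes] = None) -> dict:
    """Create a stored password record: random salt, iteration count, derived hash."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return {"salt": salt, "iterations": iterations, "hash": digest}


def verify_and_upgrade(record: dict, password: str) -> tuple:
    """Verify a login; on success, re-hash a legacy record at MIN_ITERATIONS.

    The upgrade can only happen here because the plaintext password is
    available only at login time. Returns (login_ok, record_to_store).
    """
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), record["salt"], record["iterations"])
    if not hmac.compare_digest(candidate, record["hash"]):
        return False, record                  # wrong password: change nothing
    if record["iterations"] < MIN_ITERATIONS:
        record = make_record(password, MIN_ITERATIONS)  # fresh salt, stronger count
    return True, record


def below_minimum(store: dict) -> list:
    """List users whose records still sit under the minimum, e.g. dormant accounts."""
    return sorted(u for u, r in store.items() if r["iterations"] < MIN_ITERATIONS)


if __name__ == "__main__":
    # Constructed sample store: one long-standing user, one recent user.
    store = {
        "old_user": make_record("sample-passphrase-1", LEGACY_ITERATIONS),
        "new_user": make_record("sample-passphrase-2", MIN_ITERATIONS),
    }
    print("before:", below_minimum(store))
    ok, store["old_user"] = verify_and_upgrade(store["old_user"], "sample-passphrase-1")
    print("login ok:", ok, "after:", below_minimum(store))
```

Accounts that never log in again stay listed by `below_minimum`, so they need a separate forced reset or notification.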
This isn’t just about LastPass. Again, what this breach shows is that nothing is hack-proof. Similar password management platforms will need to be wary because they’ve got a huge target on their back as a result of this, because of the mountain of data they hold.
The first thing to make crystal clear is that changing the master password on your LastPass account – and to the recommended best practice standard – is simply not enough.
As a result of that breach, those hackers now have access to all of your vaults, so to speak. Every detail that you or your business had in there is still at risk.
However, there are some key actions that can be taken now to mitigate the risk:
1. Implement two-factor or multi-factor authentication
This is the most important first step to take and will need to be implemented across every website or platform that doesn’t currently have either 2FA or MFA.
Essentially, this acts as another layer of protection, which usually comes in the form of a randomly generated code that is sent to a designated phone number by text or via a specific app. It’s also necessary for companies to be thinking about the endpoint, where that information is stored.
Having that in place means a hacker will need to have access to a personal phone or that installed app if they do crack your password.
2. Change your email password
This will need to be prioritised above and beyond every other saved website in your vault, because your email account is another treasure trove of information.
If a hacker has got access to your email and the password you have saved on a platform like LastPass, that hacker has got the keys to your kingdom. When we reset a password, the link is sent directly to our email addresses, so hackers will be able to change it to whatever they want, locking you out and giving them free rein to all of your important websites.
It is also worth clarifying that 2FA or MFA will need to be applied to this, too.
David Ballard, Director at Performance Networks
“IT’S JUST THE LATEST HIGH PROFILE EXAMPLE THAT SHOWS NO BUSINESS IS SAFE FROM THE GROWING CYBERSECURITY THREAT.”
Intelligent SME.tech