posted Sunday Dec 4, 2022 by Scott Ertz

LastPass hacked again, this time exposing customer information

If you're a LastPass user, you might be concerned to hear that the company has been hacked again. This time, customer information was exposed, meaning that your email address and password could be at risk. Unfortunately, the company has been very vague on the details, meaning we don't know exactly how much data may have been exposed and what it means for users.

The latest hack

2022 has been an eventful year for LastPass, with several security incidents at the company. The latest one began in August 2022 and involves data accessed through a third-party cloud storage service attached to LastPass. In 2020, the company announced that it was using AWS (Amazon Web Services) as its storage solution, so it's a pretty good bet that AWS was the target.

The company's statement has been vague about what customer data might have been accessed, but if the attackers had access to the AWS storage account, it could be anything and everything. This could include name, email, password, and even stored credentials for the services that customers use LastPass to protect.

The impact on customers

At this point, it's hard to say what the impact of the hack might be. It's likely that anyone who used LastPass around the time of the hack should change their passwords and consider implementing two-factor authentication for any accounts where it is available. If you used LastPass to store login details for other services, they should also be changed.

Unfortunately, LastPass has been less than forthcoming about any of its security issues over the past few years. This means that the likelihood of getting a detailed account of what has been accessed is questionable, unless legal action forces them to release this information.

For now, if you're a customer, the best move is to assume that your data has been accessed and that someone has it. Take precautions to secure your external accounts, don't reuse passwords, and audit your linked services for unusual activity.

Should you continue to use LastPass?

Given the risks, it's understandable that some might want to switch to another password manager. However, LastPass has been quite clear about its commitment to customer security and privacy. They have also taken steps to improve their security measures in light of the recent incidents. In fact, we have included them on our list of trusted password managers, though this recent information could force us to revise that position for 2023.

The company is regularly auditing its code for vulnerabilities, rolling out two-factor authentication, and regularly updating encryption protocols. The bottom line is that LastPass is taking the proper steps to ensure customer security.

At this point, it's up to you whether or not you want to continue using LastPass. You should assess your own level of risk and decide if it's worth it or not. As long as you are diligent about changing passwords and implementing two-factor authentication, you should be safe from any further issues.


