As we all know by now, the security of our online data is always at risk as long as there are cybercriminals out there crafting new ways to steal it. Passwords have been a crucial part of protecting our data for years now, and just so happen to be one of the most sought-after items of someone trying to hack your system. With your password, they will be able to access your accounts effortlessly, and therefore will have access to all the sensitive information that password was guarding. A good password is usually a complex, obscure, or otherwise not-easily-guessable combination of numbers, letters, and characters. In other words, “password” or “1234” are not good passwords. Though, these safe-but-complicated passwords do pose one problem- remembering them.
The LastPass Security Breach
LastPass is a downloadable tool that allows you to store all of your passwords in one place so that you don’t have to remember them all. This password manager helps you create strong passwords and remembers them for you, allowing you to safely access and share them. It gives you alerts if it detects a threat to your data and will even autofill passwords for you throughout your day, bypassing that pesky step of having to manually type in each password. This tool seems like a great resource for anyone who has trouble keeping track of the passwords to their accounts. However, LastPass recently fell victim to a data breach itself that put all of their users at risk.
LastPass put out a notice of their security breach in an update on December 22, 2022, stating that an unauthorized party had gained access to a third-party cloud-based storage device used by them to store archived backups of their production data. After targeting employees of the company with more attacks, the cybercriminal was able to access some of the customer information the company had stored. In their statement, LastPass said that basic customer information like company names, end-user names, billing addresses, email addresses, phone numbers, and IP addresses were copied by the cybercriminal from their backup. They were also able to copy website URLs that used the stored passwords and the encrypted versions of customer passwords. Although the cybercriminal did not gain direct access to the unencrypted passwords, the customers whose information was stolen are still at risk.
Future Cyber-Attacks May be Coming
All of the information that was stolen could allow the hacker to now target specific people in their attacks with a tactic called spear phishing. Spear phishing is a type of cyber-attack that is launched against a specific person or group in an attempt to manipulate, trick, or coerce said party into giving up sensitive information or allowing the cybercriminal to access their accounts, often unknowingly. Phishing commonly appears in the form of fraudulent emails in which a malicious link or attachment is placed. These links are designed to download malware onto your device or have you input sensitive information which will be used against you. The information that is stolen in attacks like the LastPass data breach is extremely useful to cybercriminals and their spear phishing campaigns.
With each private detail about someone a cybercriminal has access to, their phishing attempts could become better and better disguised. With the URLs of the websites that a person logs into, they can choose to disguise a phishing email behind the name of a company that that person regularly deals with or uses. The familiarity wouldn’t raise any mental red flags in the victim, and they would interact with the email as if it were actually from the reputable company. They could also make an email more realistic by including the victim’s phone number, address, etc. And, with that knowledge, the scammers could pull off fake tech support calls or fraudulent mail, all designed to further trick the victim.
Be careful with Your Information Going Forward
The reality of the situation is, the users whose information was compromised could be dealing with targeted attacks for years to come. Anyone who may have been affected needs to immediately change their LastPass master password, change the individual passwords to each of their accounts, and monitor their accounts for any fraudulent activity going forward. Enabling two-factor authentication on your accounts is also always a good idea when it comes to keeping your data safe. Never click on links or download attachments that you have not verified as authentic and be careful with your sensitive information. Spam filtering to reduce unwanted and potentially malicious emails provides a helpful defense as well. Situations like these are always extremely unfortunate and prove the importance of protecting data whether you are an individual or a large corporation.
If you are concerned about the safety of your data, you should consider working with a trustworthy IT partner like Blue Oak Technology Solutions. Here, we can help give you recommendations and advice when it comes to the security of your devices, as well as install anti-virus and anti-malware software to further combat threats. We offer services that could help you if you were to fall victim to a cyber-attack, like data backup services, and are completely committed to the safety of your data.
Read our previous blog post here: Dangerous New Phishing Tactic Called Clone Phishing