

If users are no longer employed by the company or vendor, or professional services are no longer being rendered, suspend those accounts immediately.


In turn, many of these usernames and passwords were stored in LastPass and could be used to infiltrate an organization that is not aware the service provider used LastPass.

Even if your company has never used LastPass, your organization may still be at risk.

Companies should force a reset of all passwords that have not been changed in the last 90 days immediately.

In addition, contractors, service providers, and professional services – such as attorneys, accountants, and information technology consultants – are often given usernames and passwords to access company networks and accounts as a necessary requirement for carrying out their services. To mitigate risk from this compromise, all users should change any passwords that were stored in LastPass.

Before last year's breach, many of the largest professional services companies offered LastPass to their employees as an enhanced cybersecurity measure. In other words, the threat actor stole LastPass's entire trove of usernames and passwords, as well as company names, end-user names, billing email addresses, email addresses, and IP addresses. In December 2022, LastPass confirmed the threat actor who had compromised its development environment had accessed and copied customer account information and a backup of customer vault data. With a registered userbase of more than 25 million, LastPass is one of the largest password management companies in the world. In August 2022, LastPass suffered a cyber breach resulting in the theft of thousands of password vaults of both individual and corporate users. Even if you’ve never used LastPass, you may still be at risk. Password managers are important, but you must understand the risks they can pose.
