What the LastPass Breach Means for You

January 10, 2023 / meritsolutions

In December, password manager LastPass issued a report detailing a massive data breach. The breach saw customer data leaked, including company names, user names, addresses, email addresses, phone numbers, and IP addresses. Most concerningly, though, hackers were able to obtain copies of all customers’ encrypted password lists, which means these bad actors have access to your entire vault of passwords. They just can’t read it.

Luckily, modern cybersecurity standards are keeping hackers from accessing these lists of passwords outright. A password manager like LastPass doesn’t store your passwords in plain text, since that would defeat the purpose: in an event like this, hackers could simply break in and read all your passwords. Rather, these passwords are all encrypted. That means, to a hacker, your passwords appear as nothing but unintelligible characters.

The only way for hackers to unscramble those characters (aka decrypt the data) is with your LastPass master password. That’s the other saving grace here: LastPass doesn’t know your master password, nor do they save it on their servers. Only you know your master password (hopefully), which means it’s very unlikely hackers will be able to break into your password vault right away.

However, depending on how strong your password is, hackers might be able to brute force their way into your account in time. Think of it as hackers throwing a ton of password combinations at the wall and seeing what sticks. If they manage to “guess” your password by having a computer try thousands of combinations, they’ll have access to your vault, and the passwords within.

As long as you use a strong and unique password, though, the odds are in your favor. LastPass requires a master password of at least twelve characters, and implores you not to use that password anywhere else. As long as you follow those rules, it would take hackers “millions” of years to crack. Time is on your side. However, if you use a simple password that’s easy to guess, or one you reuse on other sites and accounts, change your password now. Make it strong and unique.
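
To put numbers on the point above, the following added example (not from the original article or from LastPass) estimates how long offline guessing would take against a randomly chosen master password, and shows why a common or reused password gets no benefit from its length. The PBKDF2 key derivation, its iteration count, the attacker guess rate and the sample passwords are all assumptions constructed for illustration.

```python
import hashlib
import os
import time

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Constructed stand-in for a dictionary of leaked or commonly used passwords.
COMMON_PASSWORDS = {"password123!", "letmein2023", "qwertyuiop12"}


def measure_guess_seconds(iterations=100_000):
    """Time one key derivation, the work repeated for every guess.
    PBKDF2 and the iteration count are assumptions, not from the article."""
    salt = os.urandom(16)
    start = time.perf_counter()
    hashlib.pbkdf2_hmac("sha256", b"constructed-guess", salt, iterations)
    return time.perf_counter() - start


def expected_years(alphabet_size, length, guesses_per_second):
    """Average time to find a random password: half the keyspace."""
    seconds = alphabet_size ** length / 2 / guesses_per_second
    return seconds / SECONDS_PER_YEAR


def assess(password, guesses_per_second):
    """Estimated years to guess; only meaningful for random passwords."""
    if password.lower() in COMMON_PASSWORDS:
        return 0.0  # dictionary hit: length does not help a reused password
    classes = [(str.islower, 26), (str.isupper, 26), (str.isdigit, 10)]
    alphabet = sum(n for test, n in classes if any(test(c) for c in password))
    if any(not c.isalnum() for c in password):
        alphabet += 33  # printable ASCII symbols, including space
    return expected_years(alphabet, len(password), guesses_per_second)


if __name__ == "__main__":
    rate = 1_000_000  # assumed attacker speed in guesses per second
    print(f"one guess on this machine: {measure_guess_seconds():.3f} s")
    for pw in ("password123!", "abcdefgh", "kT7#qLm2!xZp"):  # constructed
        print(f"{pw!r}: about {assess(pw, rate):.3g} years")
```

The estimate is an upper bound: passwords built from words, names or keyboard patterns fall far sooner than their length suggests.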

In addition, watch out for any phishing attempts from hackers coming down the pike. While your passwords may be safe, much of your other data might not be, so hackers might know your email address or phone number used for LastPass. They might pretend to be from LastPass, and might try to trick you into handing over your password or other authentication data in order to break into your account. LastPass will never contact you like this, so ignore these messages and report them.
