The Global Cyber Alliance (GCA), in its mission to enable a secure and trustworthy Internet — making the Internet a safer place by reducing cyber risk — has received inquiries from community members about continuing to use LastPass.
Recently, LastPass acknowledged that its platform was impacted by a series of attacks that resulted in the exposure of password vaults, compromising the security of authentication credentials and other types of sensitive information stored there. There has been significant discussion and debate on social media sites such as LinkedIn about LastPass's future security posture and about alternatives for those wishing to migrate. However, that social media discourse has offered little practical guidance to those wishing to continue to use LastPass.
For those wishing to continue using LastPass as a password manager, GCA recommends that all users strongly consider taking the following actions:
- Change the master password for your LastPass vault.
- Change all passwords stored in your LastPass vault.
- If you use LastPass to store any:
  - personally identifiable information (PII), initiate a fraud alert, and lock your credit file with all major credit reporting agencies that serve your geographic area. You should also consider signing up for an identity theft or dark web monitoring service;
  - financial information, such as credit card or bank account details, you should work with your financial institution to change the account numbers and ensure that they block future attempts to use the compromised accounts; or
  - other types of sensitive information, you should assess the risks of data leakage and exposure and take any actions that may reduce the likelihood of those risks or mitigate their impact.
Please follow GCA’s blog for future updates about our cybersecurity toolkits, and do not hesitate to contact us if you want to become part of this growing community or sign up for our mailing list to stay up to date.