LastPass Security Incident Notification

Hello,

We wanted to inform you about a security incident affecting a popular password manager, LastPass, which was shared over the Christmas period.

LastPass informed customers that a threat actor accessed some of their backup data and had stolen copies of a number of customers’ encrypted password vaults.

LastPass does not keep copies of customers’ master passwords, so the attackers could not access encrypted data such as usernames and passwords. However, they may begin attempting to guess master passwords, using computer-aided techniques to perform many guesses per second.

LastPass has recommended their users take the following actions:
Check that your master password for LastPass is at least 12 characters in length and is not reused on other websites. If your master password meets these criteria, you do not need to take any further action at this time, as it would take more than one million years to guess a password of this length, even using modern techniques.
If your master password does not meet these criteria, they recommend you consider changing your passwords for all services stored within LastPass, prioritising email addresses and financial services.

We continue to monitor the situation and will let you know if there are any further updates or if further action is required from you.

If you have any questions, please don’t hesitate to reach out.

Kind Regards,