Do you use LastPass? Please review your account immediately following a recent security breach
If you are a LastPass user, please take a moment to immediately review and update your LastPass details following a recent security incident.
As you may already know, LastPass was targeted in a cyber security attack that resulted in a significant breach impacting all users. From what we understand, the attacker exfiltrated LastPass vaults from a third-party backup provider that LastPass uses.
Although most of the information breached was encrypted, we are aware that the attackers gained the ability to access the information stored in LastPass from some personal LastPass accounts that weren’t using Deakin Single Sign-On (SSO), have not had the correct security settings or had weak passwords.
What immediate action do I need to take?
If you are not using Deakin SSO to log into LastPass, we recommend you take the following actions.
- Reset your master password. Ensure the master password is a minimum of 16 characters, and do not reuse the master password anywhere – it should be unique and only used for LastPass access.
- Check your ‘Advanced Account settings’ and ensure you use the right settings. Follow the steps in this helpful LastPass article regarding how you can change your password iterations.
- Update all passwords in your password vault.
In your LastPass ‘Security Dashboard’, if you have a ‘master password alert’, it is recommended that you update important passwords in your LastPass vault.
How do I stay safe?
- Remain extra vigilant for any dodgy emails you may receive, especially on the email account registered with LastPass and email accounts within your LastPass vault.
- Enable Multi-factor Authentication (MFA) wherever possible on all your digital accounts.
- For a step-by-step guide on what to do in the event of a data breach, read Deakin’s Cyber Security blog for advice. You can also check haveibeenpwned.com to see if your email accounts have been impacted by any other data breaches.
Visit the LastPass website for more information, and contact LastPass support if you have any further concerns regarding your personal LastPass account.