Hopefully, most of you have heard the news about LastPass, a leading password management software. They recently confirmed that a reported breach was far worse than the security community initially believed. I'm talking with you about it today because the story continues to unfold. We've received information indicating that some of the unencrypted data could be used for more than just phishing attempts. Both encrypted and unencrypted data from customer password vaults have been stolen by this hacker, as well as some proprietary source code. It's still unclear which customers are victims, but many companies are scrambling to lock down their environments. If you use LastPass to store your credentials, here's a few steps that advise you to take immediately. Rotate any passwords and keys stored in LastPass. Check password reuse across your sites and services. Enable MFA on everything. When your users have increased risk of phishing. Pay careful attention to your accounts for breaches and suspicious activity. Many of my colleagues in the cybersecurity industry are also advising LastPass customers just to move on to other providers. But each company needs to determine what level of risk is acceptable to them. To decide that as more information becomes available, I'll try to share it in future sessions.
