LastPass Hack: How It Signals a Need for Improved Cyber Security Measures

Submitted by Erica Kastner on Fri, 09/ 27/ 19 - 11: 39 AM
LastPass Hack



Last week, password manager LastPass experienced a data breach that briefly left the credentials of approximately 16 million users open to hackers. For those not familiar with LastPass, think of it as a secure bank vault with a passcode-based entrance. Bank vaults store all your valuables away so thieves cannot access them. Similar to a bank vault, LastPass acts as a secure storage location for the passwords to many of your accounts, from your online banking to your social media accounts. LastPass can even store information like your insurance details and home address.

After all your passwords are stored in LastPass ("the bank vault"), you create a master password to protect your vault. Then, LastPass remembers the accounts and associated passwords and has them ready for when you go to log into one of those accounts.

So, for instance, if one of your LastPass accounts was Facebook, when you go to log into Facebook, whether that's on a browser or in the Facebook app, LastPass will automatically pull the password from the "vault" and autofill it for you.

If you stored information like your debit card number or address, LastPass can autofill that information too when you're online shopping, for instance. LastPass helps save you time logging in and saves you the stress of remembering all your passwords.

The login to your master LastPass account is quite secure as well. They have security measures in place such as two-factor authentication as well as letting you use your fingerprint to login.

LastPass has to have strong security measures in place because of the information they are protecting. That's why it was so ironic and newsworthy when they were hacked last week. 

The glaring issue with LastPass' setup is if somebody figures out the password to your LastPass account, whether that's by hacking the corporate system or an individual user's LastPass account, then the hacker has easy access to all your other passwords. 

Google Project Zero discovered a bug in LastPass last week that revealed user credentials for any LastPass-linked accounts that were logged into on Chrome or Opera browsers.

Before the bug was fixed, around 16 million users were at risk of having their credentials compromised. Thankfully, there are no reports that any data was breached.

Though the bug was quickly fixed, the LastPass hack serves as a warning that its major competitors, 1Password and Dashlane, as well as businesses in general, should update their security measures.

READ MORE: Cyber Security Solutions: 12 Best Practices for Businesses

How LastPass Signals a Need for Improved Cyber Security Measures


How LastPass Hack Signals a Need for Better Cyber Security Measures


Though LastPass patched their cyber security infrastructure in the wake of their hack, this situation shows that businesses need to have multiple security measures in place, especially when they are storing sensitive information.

Leveraging strong cyber security will help prevent a cyber breach, but it also saves your company from an reputation damages or other cyber breach repercussions.

Due to the purpose of a company like LastPass that exists to protect confidential information, their reputation was likely harmed when they were hacked, damaging the trust they spent time building with their customers. 

Businesses shouldn't stop at having antivirus software and a firewall. They need to put a more robust cyber security infrastructure in place if they wish to ward off hackers.

We know that it can be hard for employees to remember the logins for all their work accounts, whether it be to their work email, company social media accounts, or financial accounts. Human error is a reason why employees are one of the biggest threats to your company's network.

A few potential solutions include instructing your employees about how to create strong passwords, advising against the use of password managers, and advising employees to change their passwords every six months.

Additionally, if your business wants truly high-level protection from the threats of the Internet, consider looking into managed services.

Managed services create multiple layers of security by installing various types of software and hardware, employing a team of skilled staff to constantly monitor your network for security threats, and by working to educate your staff on cyber security best practices.  

As LastPass proves, even large corporations can fall prey to hackers. If you're a small business, you might write off the hack as a situation that would never happen to you. Be warned though - hackers see small businesses as lucrative targets too. Don't leave yourself as a sitting duck.

Cyber Security- Don't Become a Sitting Duck


Posted by Erica Kastner


cybersecurity, news