LastPass Provides Action Items in Response to Breach
LastPass recently released an update providing additional context into the August 2022 security incident. The update serves to assure customers and business administrators of what LastPass will do differently in the future to avoid similar incidents and notifies federated users that the unknown threat actor exfiltrated the K2 split knowledge component from the LastPass MFA/Federation Database. LastPass also provides further recommended action items for general customers and business administrators.
The takeaways from the update involve ten key topic areas and subsequent action items to promptly take to stay secure.
The topic areas include:
- Master password length and complexity
- Iteration counts for master passwords
- Super admin best practices
- MFA shared secrets
- SIEM Splunk integration
- Exposure due to unencrypted data
- Deprecation of Password apps (Push Sites to Users)
- Reset SCIM, Enterprise API, SAML keys
- Federated customer considerations
- Additional considerations
Key LastPass recommendations for business administrators
- Review master password policies and enforce stronger master passwords
- Review security reports related to master passwords
- Reset shared secrets for non-federated customers
- Update Splunk instance token
- Review vault item password policies
Our recommendations for LastPass users
- Immediately update your LastPass master password
- Consider changing your passwords for sites stored within LastPass
- Stay alert for phishing attacks as hackers now have sensitive user information that could be used in a future attack
- Watch for further updates regarding this incident and what to do on LastPass’ website
LastPass has closed this investigation, so businesses should ensure that employees are aware of any data that may have been compromised and promptly act upon the action items provided by LastPass.
How we help
We can help your firm establish and test your cybersecurity program to ensure that it exceeds industry standards. Our team can:
- Develop and review written policies and procedures that meet your firm’s regulatory requirements and the latest industry standards
- Assess your policies and procedures to confirm they accurately reflect the cybersecurity procedures currently in practice at your firm
- Test your systems to identify network vulnerabilities and provide remediation recommendations
For questions about this alert, or to find out how we can help you meet your regulatory cybersecurity obligations, please reach out to your ACA Aponix consultant, or contact us below.