LastPass: Security Incident Update and Recommended Actions Please visit the security bulletin links for more information and things to do, including templates for communication.
Communicate with end users about the risks associated with these incidents. Generate URL reports to access risks for credential stuffing, phishing, and social engineering attacks. View What Data Was Accessed on the LastPass blog to find specific information about what encrypted and encrypted data was exposed. Ensure super admins follow best practices. Review users’ password iteration count settings and shared folder access. Review and enforce master password policies and security reports. Enable multi factor authentication for your account. Evaluate password hygiene and strength. Ensure the master password hasn’t been reused. 
Determine if your master password needs to be reset. LastPass has published guidance documents for both consumer and business customers, including the following topics: Review who you have shared passwords with and remove anyone who no longer needs access. Review and increase your password iteration count. Consider resetting your master password. Updates will be provided on this page:Īt this time, UW-IT advises that you perform the following actions on your Enterprise Lastpass account: 
UW-IT is reviewing the latest disclosures about the LastPass breach and determining next steps for UW’s LastPass Enterprise contract. An updated summary of those details are included in the What Happened section below. Additional details have emerged about the nature of the LastPass data breach that the company disclosed in December 2022.
0 kommentar(er)
