One significant risk of using a password manager like LastPass is that if the account falls into the wrong hands, you lose everything, which makes attacks on those services even more of a threat to users.
Unfortunately, the weakest link in security is normally the users themselves, with phishing and social engineering attacks being easy to automate and working all too often.
This morning, LastPass published an urgent PSA about an active email phishing attack on their users. Email phishing attacks aren’t sophisticated, but that doesn’t stop them being successful. If you have received an email asking you to change your master password for LastPass and you clicked the link, you need to IMMEDIATELY reset your password again through the LastPass website directly:
- Recover lost password: https://lastpass.com/recover.php
You can read the full details of the attack on the LastPass blog. However, remember to secure all of your accounts with long, strong, unique passwords and, where possible, activate two-factor authentication (2FA).
If you have family and friends who use LastPass, please pass on this message. In fact, even if you don’t, please pass on this message to your networks. The more people know about the attack, the fewer people will fall for it.