One significant threat to using a password manager like LastPass is that if that account falls into the wrong hands you lose everything, which means attacks on those services are even more of a threat to users.
Unfortunately, the weakest link in security is normally the users themselves, with phishing and social engineering attacks being easy to automate and working all too often.
This morning, LastPass published a urgent PSA about a current active phishing attack on their users using an email attack. Email Phishing attacks aren’t sophisticated but that doesn’t stop them being successful. If you have received an email asking you to change your master password for LastPass and you clicked the link you need to IMMEDIATELY reset you password again through the LastPass website directly:
- Recover lost password: https://lastpass.com/recover.php
You can read the full details of the attack on the LastPass blog however remember to secure all of your accounts with long strong unique passwords and where possible activate Two Factor Authentication 2FA.
If you have family and friends who use LastPass please pass on this message, in fact even if you don’t please pass on this message to your networks. The more people know about the attack the less people will fall for it.
I was so happy when I found this program! (Thanks to their Joe) now I’m being told hackers are at it again! Is anybody ever going to invent something hackers can’t crack? 😛
These are very helpful editorials. So many people out there click on links in emails, rather than going directly to their source, which is a dangerous thing to do.
I use 1password and would be buggered if my information was obtained, even though I never keep financial passwords etc within that program. I do have over 275 different passwords to websites and I would be lost where to start to change it all.
It would be a nightmare to say the least.