Severity Rating: High
Overview
Recently, the password manager service LastPass was hit by a cyberattack leading to a data breach. It is reported that the threat actors obtained personal information belonging to its users, including their encrypted password vaults, by leveraging previously leaked data. The vault data is encrypted, but the threat actor could attempt to brute-force the master password, or may carry out phishing, credential-stuffing or other brute-force attacks against online accounts associated with your LastPass vault.
Description
It is reported that threat actors gained access to source code and technical information from the utility's developer environment and used it to target users. The threat actors reportedly used information copied from a backup containing basic customer account information and related metadata from which users were accessing the password manager service.
The backup data from the encrypted storage container was stored in a binary format containing both unencrypted data (website URLs) and encrypted sensitive fields such as website usernames and passwords, secure notes and form-filled data.
To make use of this data, the threat actor may target users with brute-force attempts to guess the master password, or may perform phishing, credential-stuffing and brute-force attacks against online accounts associated with the password manager utility.
Best Practices:
Change your password every 60-90 days on user-level accounts. This ensures that threat actors using social engineering, brute-force and credential-stuffing attacks cannot use your older passwords to gain access to your systems or data.
Always use strong passwords with a combination of letters (both uppercase and lowercase), numerals and special characters. This minimizes the chance of successful brute-force password guessing.
Never reuse the master password on other websites. If you reuse credentials and those credentials get compromised, attackers can easily access your other accounts as well. Attackers may use dumps of compromised credentials that are already available on the Internet to attempt to access your account.
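The two practices above (strong composition, no reuse) can be checked mechanically before a master password is adopted. The following is an added example written for this advisory, not code from LastPass or from the advisory itself: it scores a candidate password by length and character classes, converts that into an estimated time to exhaust the search space at an assumed offline guess rate (the rate is an assumption, not a figure from the advisory), and checks the password against a constructed stand-in for a breach-dump list of known-compromised passwords.

```python
import hashlib
import math
import string

# Constructed stand-in for a breach-dump lookup: SHA-1 hashes of a few
# commonly leaked passwords. A real deployment would query a much larger
# list of compromised credentials instead of this handful.
KNOWN_COMPROMISED = {
    hashlib.sha1(p.encode()).hexdigest()
    for p in ("password", "123456", "Welcome1", "qwerty", "letmein")
}

# Assumed offline guess rate against a stolen vault, in guesses per second.
# This is an illustrative assumption; the real rate depends on the vault's
# key-derivation settings and the attacker's hardware.
ASSUMED_GUESSES_PER_SECOND = 1e9

CLASSES = {
    "lower": set(string.ascii_lowercase),
    "upper": set(string.ascii_uppercase),
    "digit": set(string.digits),
    "special": set(string.punctuation),
}


def character_classes(password):
    """Return the names of the character classes present in the password."""
    return {name for name, chars in CLASSES.items() if any(c in chars for c in password)}


def keyspace_bits(password):
    """log2 of the search space implied by the length and classes used."""
    used = character_classes(password)
    alphabet = sum(len(CLASSES[name]) for name in used)
    if alphabet == 0:
        return 0.0
    return len(password) * math.log2(alphabet)


def years_to_exhaust(bits, rate=ASSUMED_GUESSES_PER_SECOND):
    """Years needed to try every password in a 2**bits space at the given rate."""
    return (2 ** bits) / rate / (365 * 24 * 3600)


def is_compromised(password):
    """True if the password appears in the (constructed) compromised list."""
    return hashlib.sha1(password.encode()).hexdigest() in KNOWN_COMPROMISED


def assess_master_password(password, min_length=12):
    """Apply the advisory's composition and no-reuse advice to a candidate."""
    findings = []
    missing = set(CLASSES) - character_classes(password)
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    if missing:
        findings.append("missing character classes: " + ", ".join(sorted(missing)))
    if is_compromised(password):
        findings.append("appears in a known-compromised password list; never reuse it")
    bits = keyspace_bits(password)
    return {
        "bits": round(bits, 1),
        "years_to_exhaust": years_to_exhaust(bits),
        "acceptable": not findings,
        "findings": findings,
    }


if __name__ == "__main__":
    for candidate in ("Welcome1", "correct-Horse-battery-Staple-42!"):
        print(candidate, assess_master_password(candidate))
```

The keyspace figure is an upper bound on attacker effort: dictionary words, keyboard patterns and previously leaked passwords are tried long before the space is exhausted, which is why the compromised-list check is applied regardless of the entropy estimate.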
Do not browse untrusted websites or click on untrusted links, and exercise caution before clicking on any link provided in unsolicited emails and SMS messages.
Exercise due care before clicking on a link provided in a message. Only click on URLs that clearly indicate the website domain. When in doubt, users can search for the organisation's website directly using a search engine to ensure that the website they visit is legitimate.
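"Clearly indicates the website domain" is easy to misjudge by eye, because a phishing link can place the expected name in a subdomain or in the userinfo part of the URL. The following is an added example, not part of the advisory, showing how a defender-side mail or link filter could parse a URL and decide whether its host actually belongs to an expected domain; the expected domain `example.com` and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list of domains the user legitimately signs in to.
EXPECTED_DOMAINS = {"example.com"}


def registered_host(url):
    """Return the normalised hostname of an http(s) URL, or None."""
    parts = urlsplit(url.strip())
    if parts.scheme not in ("http", "https"):
        return None
    host = parts.hostname  # lower-cased, port stripped, userinfo excluded
    if not host:
        return None
    return host.rstrip(".")


def host_matches(host, domain):
    """True only if host is the domain itself or a proper subdomain of it."""
    return host == domain or host.endswith("." + domain)


def classify_link(url, expected=EXPECTED_DOMAINS):
    """Classify a link as ok, suspicious, unknown or reject with a reason."""
    parts = urlsplit(url.strip())
    host = registered_host(url)
    if host is None:
        return ("reject", "not an http(s) URL or no host present")
    if parts.username is not None:
        # "https://example.com@evil.test/" - the real host is after the "@"
        return ("suspicious", f"credentials embedded before host '{host}'")
    if any(host_matches(host, d) for d in expected):
        return ("ok", host)
    for d in expected:
        if d in host:
            # "example.com.evil.test" - expected name used as a decoy prefix
            return ("suspicious", f"expected domain '{d}' embedded in '{host}'")
    return ("unknown", host)


if __name__ == "__main__":
    samples = [
        "https://login.example.com/account",
        "https://example.com.evil.test/login",
        "https://example.com@evil.test/login",
        "ftp://example.com/",
        "https://evil.test/",
    ]
    for s in samples:
        print(classify_link(s), "<-", s)
```

The check relies on `urlsplit().hostname`, which already discards the scheme, any userinfo before `@`, and the port, so the suffix comparison is made against the host that the browser would actually connect to rather than against whatever text appears first in the link.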
Keep personal information private. Threat actors can use social media profiles to gather information and mount targeted attacks against you.
References