URGENT: Potential LassPass Access Compromise

2 views
Skip to first unread message

Chew, Kean Ho

unread,
Dec 28, 2021, 7:46:38 PM12/28/21
to ZORALab Enterprise
To all our customers who are using LastPass Password Manager:
  1. We received a security notification 5 hours ago that LastPass, a password bank vendor, was targeted by hackers to potentially compromise users' master passwords[1][2][3][4][5]. According to official LastPass statement[5], as dated to this email, there isn't any compromise yet but the user's misconfigurations. However, since password manager are NOT your normal yada-yada since breaching it can leak all your accesses across the Internet and locally in office, we advise you NOT TO TAKE unnecessary risks and:
    1. Change your master password into a very unique one (33 characters length, A-Z, a-z, 0-9, symbols)

  2. Although our customers using Bitwarden are unaffected, we advise ALL our customers who use password manager to manage access to:
    1. STRICTLY enables at least 2 2nd factor authentication (e.g. authenticator app and email).
    2. NEVER share or use your master password across other services. (Why would you do that?!)

  3. Remember, service providers like LastPass, Bitwarden, ZORALab and absolutely no one need to know about your master password. In the event of shared services accesses, there are facilities that can safely distribute them within their applications (e.g. Bitwarden's Organization). Therefore, always remember: There is no need and DO NOT share your master password.

  4. Please act fast and stay safe!

----
References:
[1] - https://twitter.com/search?q=LastPass&src=trend_click&vertical=trends
[2] - https://www.bleepingcomputer.com/news/security/lastpass-users-warned-their-master-passwords-are-compromised/
[3] - https://appleinsider.com/articles/21/12/28/lastpass-master-passwords-may-have-been-compromised
[4] - https://www.androidpolice.com/hackers-going-after-lastpass-master-passwords/
[5] - https://blog.lastpass.com/2021/12/unusual-attempted-login-activity-how-lastpass-protects-you/
----



Regards,
Holloway
Founder

ZORALab Enterprise (002599169-M)
Through Knowledge With Serve

____________________________________________________________
If you are not the intended recipient, please contact the sender immediately and delete all copies. The sender holds zero liability for any damages caused. If the content is digitally and cryptographically signed and/or encrypted by GNU Privacy Guard (GPG) key, please seek out the public key with the sender email at https://pgp.mit.edu.



Reply all
Reply to author
Forward
0 new messages