If you are unsure of the legitimacy of any email, please reach out to your support team. Please remain alert for these types of attacks. Be on the lookout for suspicious spam/phishing messages from attackers pretending to be LastPassīecause your email address and the sites LastPass stores passwords for may have been accessed, there is an increased risk of phishing attacks impersonating LastPass itself or targeting LastPass users.Remove LastPass entries for services you are no longer using.Directions for changing that are here - 310,000 is now recommended. Update the LastPass default iteration setting of 100100.If you have sensitive data stored in other fields, change that data if applicable.Change all passwords stored in your vault, starting with your most important ones first.In addition to the Action Items listed above, we recommend that you: Ben Financials)Įnable Two-factor authentication for LastPass and any other accounts that support it.Ĭhange credentials that are stored with links to login pages.Ĭhange or remove additional sensitive information stored in LastPass, such as addresses or other identifying information. Make it a complex password, as recommended in the PennKey Password Rules.Ĭhange any passwords stored in LastPass that have access to potentially sensitive data, including:īanking and other financial account passwords (e.g.
We recommend taking the following steps as soon as possible:Ĭhange your LastPass master password as soon as possible.
These recommendations reflect current best practice. Out of an abundance of caution, we are reaching out to LastPass users with the recommendations listed below. University InfoSec has determined the risk of hackers gaining access to that encrypted data is low for most LastPass users.Īs we learn more about how this breach affects the Wharton Community we will update this page.įollowing the notice on 12/22/22 from LastPass regarding its recent security compromise, the University's Information Security team (InfoSec) has determined the risk of hackers gaining access to that encrypted data is low for most LastPass users.
LastPass recently released a statement with more details about a compromise earlier this year in which unknown acts obtained customer cloud storage vaults.
0 kommentar(er)
