
LastPass confirmed more details tied to their recent November breach. It was disclosed that hackers stole company data and accessed customer information (names, email, usernames/passwords, billing address, etc.).

Fortunately, anyone with a University subscription to LastPass has only had their name and email leaked; the University has notified these users and provided immediate actions to take. However, if you use the password management tool on a personal account, the risk of sensitive data loss is more significant.

Because most of the stolen usernames and passwords are encrypted with the user's master password (which is not stored on LastPass' servers), they are proving difficult to expose. However, the threat that hackers will try to decrypt, or use brute force to decipher, LastPass logins continues.

University IT and ISD would like the UR community to know they are closely evaluating the University's relationship with LastPass in light of these recent issues and offer some guidance on how you can stay ahead of the breach.

Change your LastPass master password to a new, unique password or passphrase. This should be different from your UR or URMC Active Directory password/phrase.

Review and change passwords for other sites and services you have stored in LastPass. Begin with more critical and widely used credentials (email, bank account, social media).

LastPass is protected with two-factor authentication. If you receive an authentication request via text, phone call, or email that you did not initiate, DO NOT APPROVE! Instead, contact your Help Desk immediately.

Be on the lookout for any suspicious emails requesting personal information.