While some sources remain skeptical of the details, news of the "CyberVor breach" has caused widespread concern. Allegedly, "CyberVor" used stolen credentials from the black market to distribute malware and build a botnet, then exploited vulnerabilities on websites big and small in order to gather more data.
As we monitor the situation and ascertain the authenticity of the details, we highly recommend following the steps below to mitigate any potential impact of the CyberVor breach and to improve your password hygiene. While your LastPass account is not affected, if you have reused your master password on any other sites, it is absolutely critical that you update it now (via the LastPass vault in the "Settings" menu).
Mitigating the Impact of the CyberVor Breach
Start using a password manager. If you are not yet using LastPass or a password manager, we advise getting started immediately. Using a password manager centralizes your logins and passwords in one secure place. Many people are surprised by just how many passwords they have once they pull what they have saved in their browsers into a password manager. A password manager also makes it easy to follow best practices with passwords and online security.
Run the Security Check. The LastPass Security Check identifies any weak or duplicate passwords, tells you if any sites were affected by Heartbleed, and gives you an overall “security score” so you can understand how you’re progressing with your password security. To run it, click the LastPass icon in your browser toolbar, then under the “Tools” sub-menu select the “Security Check”.
Turn on multifactor authentication. Multifactor authentication adds another security layer to your account by requiring that you confirm “something you have” (like a Google Authenticator code) after submitting “something you know” (your LastPass email address and master password). LastPass supports 10 multifactor authentication options, giving you the flexibility to choose one that suits your workflow best.
Online security is about mitigation and remaining proactive. The protection of your online identity is in part dependent on utilizing strong, unique passwords for all of your online accounts. Just like you wouldn't give your one house key to someone you don't trust, don't give the same password to every website you use. By replacing weak and duplicate passwords, using multifactor authentication, and centralizing your accounts with a password manager, you’ll help mitigate the potential impact of this massive data breach and others in the future.