LastPass Security Breach 2022

On December 22, 2022, LastPass notified their customers of a cybersecurity incident that may have put passwords stored in LastPass at risk.

If you use LastPass, read the following information and recommendations to protect your personal and work-related accounts.

What Happened?

An unauthorized party downloaded files containing passwords belonging to LastPass customers. The files are protected by the strongest level of encryption available and would still need to be cracked to get at usernames, passwords, and notes. Learn more about the breach at LastPass: Notice of Recent Security Incident.

What Can I Do?

Although this incident was not specific to UC Santa Cruz, due to its severity, we recommend you take the following actions if you use LastPass:

  1. Change your LastPass master password to a strong password consisting of at least 12 randomly selected characters. If your master password already meets the default master password settings, no action is needed.
  2. Change the passwords for individual accounts in LastPass, prioritizing your email, financial, and UCSC accounts, if your passwords do not already consist of at least 12 randomly selected characters.
  3. Enable two-factor authentication for LastPass and individual accounts. This provides an extra layer of protection.
  4. Monitor your accounts for fraudulent transactions. If you notice any unauthorized access or unusual activity, contact the account provider (not LastPass) immediately.