LastPass Security Breach 2022

December 22, 2022: LastPass notified their customers of a cybersecurity incident that may put passwords stored in LastPass at risk.

If you use LastPass, read the following information and recommendations to protect your personal and work-related accounts.

What happened

An unauthorized party gained access to a third-party cloud-based storage service, which LastPass uses to store archived backups of production data. This party was able to download password vaults belonging to LastPass customers. The vault files are encrypted with the Advanced Encryption Standard (AES-256), so the encryption would still need to be cracked to get at the usernames, passwords and notes they contain. Read more details about the breach.

Steps to take: 

Although this incident was not specific to UC Santa Cruz, due to its severity, we recommend you take the following actions if you use LastPass:

  1. Change your LastPass master password to a strong password consisting of at least 12 randomly selected characters. If your master password already meets the default master password settings, no action is needed. 
  2. Change the passwords for individual accounts in LastPass, prioritizing your email, financial, and UCSC accounts, if your passwords do not already consist of at least 12 characters. 
  3. Enable two-factor authentication for LastPass and individual accounts. This provides an extra layer of protection. 
  4. Monitor your accounts for fraudulent transactions. If you notice any unauthorized access or unusual activity, contact the account provider (not LastPass) immediately.

Further Reading

LastPass: Notice of Recent Security Incident