Recently, both LastPass and Twitter were involved in data breaches that resulted in data exposure. Anyone with a LastPass or Twitter account may want to follow the tips included below to ensure their accounts remain secure.
In December 2022, cyber criminals were able to access a third-party cloud storage service that LastPass uses to store archived backups of their production data.
LastPass confirmed cyber criminals stole a copy of a backup of customer vault data that contained:
- Unencrypted data (e.g., website URLs)
- Encrypted sensitive data including:
- Account usernames and passwords
- Secure notes
- Form-filled data (first/last name, address, phone number, etc.)
Cyber criminals commonly use this information to attack those involved in a breach through password guessing, credential stuffing (e.g., attacks associated with password reuse across multiple accounts), and various types of social engineering tactics (e.g., phishing scams). Additional information about these tactics is available in this Imperva website article.
To ensure the security of your account, the Office of Information Technologies (OIT) Information Security team recommends all LastPass customers follow these steps:
- Change your master password (minimum of 16 characters)
- Never reuse passwords across multiple accounts
- Change account passwords if you believe your master password has been exposed
Additional information about this breach is available in this LastPass blog.
In December 2022, a data leak described as containing email addresses for over 200 million Twitter users was published on a popular hacker forum.
In this data breach, cyber criminals were able to access data such as phone numbers, email addresses, Twitter IDs, and other public information.
When cyber criminals obtain contact information, they may use various social engineering tactics to send targeted messages in an attempt to steal money or gain access to personal information. Additional information about these tactics is available in this Imperva website article.
To ensure the security of your account, the Office of Information Technologies (OIT) Information Security team recommends Twitter customers enable two-factor authentication on their accounts. Instructions are available in this Twitter Help Center article.
Additional information about this breach is available in this BleepingComputer news article.
If you receive a suspicious message of any kind, do not engage with the message. Delete text messages. Report email messages using the quick steps in this knowledge article.