33 Million users at risk due to Lastpass hack


LastPass, a password manager used by more than 33 million people around the world, last night admitted a hacker had stolen source code and proprietary information after breaking into its systems.

“What do you do as a result of this hack?” lesson here – there is the lesson you should have learned a long time ago: monitor and carefully regulate your identity stores, user accounts, and behaviours. Attackers can break in, hide amongst the real users, and wreak havoc out in plain sight.

I’ll be eager to read the details of how the attacker(s) broke in, and take those lessons to customers and colleagues to strengthen their environments so they’re not compromised in the same way. But the message here is vigilance. Not because of this breach, or the one before it, or the hundreds before that – but for the next one and the hundreds after. Understand your environment, implement controls that balance usability and security, monitor for threats and attacks, and be ready to respond when things go sideways at 2am on a Friday. But that’s the lesson you should be learning every day.