Eight UK cyber attacks and data breaches
Eight UK cyber attacks and data breaches were reported in December, marking the close to a year of significant breaches.
The most significant incident occurred at LastPass, the private equity owned password manager. Having suffered an initial breach in August 2022, LastPass announced that customer data had been breached in a related incident in early December.
Towards the end of December it was revealed that this data included customer password vaults. Due to the architecture of LastPass this in itself does not represent a direct breach of customer passwords, as the passwords in the vault are encrypted using a key derived from a user’s master password.
LastPass have since released a press release to assure users their passwords are secure.
Having said this however we still strongly advise the laborious task of changing all passwords currently stored in LastPass. The simple truth is that password vaults are now in the hand of potential attackers, who will currently be trying to crack master passwords with all their might. If your master password is easily guessable, which memorable human generated passwords can be, then there is a risk that your vault could be breached.
If you would like to know more about how we collate this information, please follow this link.
Scroll down to see the list.