We’ve just been notified of further details of the recent security incident involving LastPass, a password management tool. Details Matter Bookkeeping uses this software to securely store all of our client logins. LastPass has a zero knowledge architecture, which means that even they don’t know the master password used to access each user’s “vault”.
From what I’ve read, the hacker was able to copy a backup of encrypted customer vault data. But the good news is that they would have to break each user’s master password in order to access this data, which, with LastPass’ default master password settings, would take millions of years to guess using generally available password-cracking technology.
Details Matter Bookkeeping has also enabled multi-factor authentication for all its staff to add another level of security. This means each staff member needs both a master password and an authenticator code from an app like Google Authenticator or LastPass’ own authenticator app.
We take security very seriously. We are also bonded and insured – including cyber insurance. At this time, it doesn’t seem like there is a threat to your individual login information. So, we will breathe a sigh of relief for now. If you’d like to learn more about this security incident, you can read LastPass’ blog post about it here: https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/