Lastpass hack worse than expected, is your data still safe?
Security weekly

Hi and welcome to another Security weekly. Where we laugh, we cry and share the latest and greatest in security and tech news.
Did you know? The first computer bug was a moth that was found stuck in a Harvard Mark II computer in 1947. This makes a good argument to include "Pest Control" in security certifications.
In this week's edition:
🌧️ LastPass hack worse than expected
🎖️ Cyber Security certifications
🔥 The quick and dirty
Reading time: 02:46

LastPass hack worse than expected
Last week I wrote about how LastPass got hacked, again.
But as it turns out, the story gets even worse. We were first informed that only code was stolen, but as it turns out, user password vaults were taken as well. LastPass' CEO, Karim Toubba, disclosed that the cloud service where the unusual activity was first spotted is also used to store archived production data.
So, the big question LastPass users are now asking themselves: Is my data still safe? Or do I have to change every password I have stored there?
Short answer: You don't have to change every password stored.
Long answer: here are some useful tips:
Your user info is at risk - name, business name, street address, IP address, all leaked. Expect an increase in phishing and other attacks.
Your stored passwords are not at risk, yet - your passwords are encrypted, so they can't be read. But if they crack your master password, they can bypass your encryption.
Your master password is probably safe - that's never stored by LastPass. However, if you have a weak master password - change it immediately. Ideally your master password is very hard to crack. Use this overview to see how long it would take hackers to crack your password.

For those wondering: I store my personal data in an online password manager (not LastPass, but that's rather coincidental). For company data, I'd look for a self-hosted solution.

Cyber Security certifications
In my last edition of Security-like-I'm-five I talked about Cyber Security certifications and possible career paths.
The reactions I got were overwhelming. Apparently lots of people are looking for some guidance on the matter. But what stood out is that almost nobody had heard about Certified in Cybersecurity by (ISC)² and that it's free. So let me highlight this again, because this is a very good opportunity for a lot of people to dip their toes in cybersecurity.

Earlier this year, (ISC)² came out with Certified in Cybersecurity, a new "entry-level" certification. Although the term entry-level is to be taken lightly here. I'd scale it in the mid-range. See this one as CISSP-mini. To pass the exam you have to prove your knowledge in these domains:
Security Principles
Business Continuity (BC), Disaster Recovery (DR) & Incident Response Concepts
Access Controls Concepts
Network Security
Security Operations
It's free under the One Million Certified in Cybersecurity initiative by (ISC)². Check it out.

The quick and dirty
Telling users to ‘avoid clicking bad links’ still isn’t working - who would have guessed? Right? Well, this guy.
“Suspicious login” scammers up their game – take care at Christmas - as with every holiday, be careful. Expect an increase in phishing attempts.
Incognito mode: what it is, what it does and doesn’t do - cool article for those unaware. I think people think too much of incognito mode. I can still see your porn searches during work hours, Daniel.

Security like I'm five
Don't have time for hours of research? Don't have 20 years of experience in security? Me neither, but I gotchu fam. In Security like I'm five I cover a range of security topics. I do all the hard work, and explain it to you in a practical manner. Lots of memes too. Good stuff, good stuff. This and Security weekly conveniently delivered to your mailbox a couple of times a week, for free. Pretty sweet deal if you ask me.

So sign up for the newsletter and be enlightened! (Don't set the bar too high tho.)