LASTPASS USERS READ THIS!!
1) If you use LastPass, attackers probably have a copy of your vault. CHANGING YOUR MASTER PASSWORD NOW WON’T HELP, they already have a copy that is unlockable with your old password.
What to do?
First, Stop using LastPass.
2) We don’t know how bad things are. It’s possible that attackers have ongoing access, so don’t just change your passwords and put them back into LastPass.
We will take care of urgent accounts first, manually, then set up a new password manager.
3) Move your crypto assets to new wallets.
If you had seed phrases in your LastPass, STOP EVERYTHING ELSE YOU’RE DOING RIGHT NOW.
Generate new wallets, write the seed phrases on a piece of paper ONLY, and move all your assets to the new wallets.
4) Don’t waste time coming up with a perfect custody solution, that’s time you don’t have.
If the attacker has access to your seed phrases, they can take your assets at any time and you can’t reverse that.
Move your assets safely first, then think about long term storage later.
5) Change your passwords on crypto exchanges and other financial stuff.
Write down passwords on paper for now. Use a different password for each exchange.
Turn 2FA on, and make sure the 2FA code isn’t stored inside LastPass. If it was, remove 2FA and set it up again on another app.
6) Change passwords for your email accounts.
Anyone who has access to your email can access your other accounts via “forgot password” mechanisms, so make sure your email is safe.
Unique password per service, write it down on paper, use 2FA that wasn’t stored on LastPass.
7) Also change your Apple iCloud and Google accounts’ passwords and 2FA.
These accounts probably can access data on your iPhone/Android, via backups and cloud sync, and potentially lock you out of stuff, so definitely change those ASAP.
8) You've now protected your most critical stuff.
Now set up a new password manager.
Consider 1Password/Bitwarden/KeePass.
Set one up, with a new, strong master password. Store your new passwords in it.
No seed phrases! Those are too critical for an online password manager.
9) Now that you have a new password manager you should go ahead and use it to change your passwords on all your non-critical accounts.
Yes, all.
You probably have a lot, so prioritize the more important ones. Work accounts, file/photo storage, social media.
10) Plan a long term solution for your self-custody crypto assets.
Don’t keep the quick wallets you created before forever. Don’t use a password manager for those either.
Research hardware wallets, multisig, or if you have no idea what you’re doing consider a trusted custodian.
11) But whatever you do, if you used LastPass, act now. Don’t wait. You’re at risk.
Merry Christmas everyone, stay safe out there.