LastPass Announces Security Incident; Vault Data and Passwords Remain Secure | Information Technology | University of Pittsburgh

You are here

LastPass Announces Security Incident; Vault Data and Passwords Remain Secure

Thursday, December 1, 2022 - 12:03


LastPass, the provider for the University’s Password Manager service, is investigating a security incident involving a cloud storage service that is used by LastPass and its affiliate, GoTo.

If you use Password Manager (LastPass), please be assured that your passwords remain safely encrypted and all data stored in your LastPass vault remains secure. Although LastPass indicates that customers do not need to take any action in response to this incident, Pitt Information Technology is reaching out directly to Pitt users with a LastPass Business account in case they would like to change their LastPass master passphrase out of an abundance of caution.

LastPass is working to understand the scope of the incident and identify what specific customer information has been accessed. Details about the incident, as well as additional updates, will be posted to the LastPass website.

In the meantime, Pitt IT encourages LastPass users to keep in mind these security tips:

  • Make sure your LastPass master password is strong, unique, and sufficiently random.
    Learn how to create strong passwords …
  • If you have a personal LastPass account, enable multifactor authentication (MFA) protection. MFA will protect your LastPass account in the event the password becomes compromised. If you have a LastPass Business (formerly LastPass Enterprise) account, it is already protected by the University’s Multifactor Authentication Service (Duo).
    Learn how to enable MFA in LastPass …     

Please contact the Technology Help Desk at +1-412-624-HELP (4357) if you have any questions regarding this announcement.