Aug 6, 2014

The CyberVor Data Breach: What You Need to Know

News broke on August 5th that Hold Security, an information security and investigations company, discovered a Russian cybercrime ring that had amassed over 4.5 billion consumer records. According to the New York Times, the records mostly consisted of stolen login credentials (usernames and passwords) accumulated from over 420,000 websites, containing over half a billion unique email addresses. The cybercrime ring was dubbed “CyberVor”, Vor meaning “theft” in Russian.

While some sources remain skeptical of the details, news of the "CyberVor breach" has caused widespread concern. Allegedly, "CyberVor" used stolen credentials from the black market to distribute malware and build a botnet, then exploited vulnerabilities on websites big and small in order to gather more data.

As we monitor the situation and ascertain the authenticity of the details, we highly recommend following the steps below to mitigate any potential impact of the CyberVor breach and to improve your password hygiene. While your LastPass account is not affected, if you have reused your master password on any other sites, it is absolutely critical that you update it now (via the LastPass vault in the "Settings" menu).

Mitigating the Impact of the CyberVor Breach


Start using a password manager. If you are not yet using LastPass or a password manager, we advise getting started immediately. Using a password manager centralizes your logins and passwords in one secure place. Many people are surprised by just how many passwords they have once they pull what they have saved in their browsers into a password manager. A password manager also makes it easy to follow best practices with passwords and online security.

Run the Security Check. The LastPass Security Check identifies any weak or duplicate passwords, tells you if any sites were affected by Heartbleed, and gives you an overall “security score” so you can understand how you’re progressing with your password security. To run it, click the LastPass icon in your browser toolbar, then under the “Tools” sub-menu select the “Security Check”.

Replace duplicate passwords with generated ones. After running the Security Check, you’ll know which sites have weaker passwords, and you can start updating them. Begin with the most important sites: financial, email, and social. You can launch the site straight from the Security Check and log in, then go to your account settings page on that website and use LastPass to replace the old password. Repeat for all sites using weak, duplicate, and old passwords.

Turn on multifactor authentication. Multifactor authentication adds another security layer to your account by requiring that you confirm “something you have” (like a Google Authenticator code) after submitting “something you know” (your LastPass email address and master password). LastPass supports 10 multifactor authentication options, giving you the flexibility to choose one that suits your workflow best.
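
To illustrate the duplicate and weak password check described in the steps above, here is an added Python example; it is not LastPass code and not part of the original post. It audits a constructed credential export and orders the results financial, email, then social, as the post recommends. The CSV column names, the category labels and the weakness rule (under 12 characters or fewer than three character classes) are assumptions made for the example.

```python
import csv, hashlib, io
from collections import defaultdict

# Constructed sample export; the column names are an assumption, not a real
# LastPass export format.
SAMPLE_CSV = """name,category,username,password
MyBank,financial,alice,Summer2014
Webmail,email,alice@example.com,Summer2014
Photo Forum,other,alice,Summer2014
Chirper,social,alice,kitten
News Site,other,alice,x9$Qv!72LmPz#4Rt
"""

# Order the post recommends: financial, email and social sites first.
PRIORITY = {"financial": 0, "email": 1, "social": 2}

def is_weak(password, min_length=12):
    """Assumed rule: weak means short or fewer than three character classes."""
    classes = [any(c.islower() for c in password),
               any(c.isupper() for c in password),
               any(c.isdigit() for c in password),
               any(not c.isalnum() for c in password)]
    return len(password) < min_length or sum(classes) < 3

def audit(csv_text):
    """Return (site, reasons) pairs needing a new password, priority first."""
    rows = list(csv.DictReader(io.StringIO(csv_text)))
    by_digest = defaultdict(list)
    for row in rows:
        # Group on a digest so the findings never carry the plaintext password.
        row["digest"] = hashlib.sha256(row["password"].encode()).hexdigest()
        by_digest[row["digest"]].append(row["name"])
    findings = []
    for row in rows:
        shared = [n for n in by_digest[row["digest"]] if n != row["name"]]
        reasons = []
        if shared:
            reasons.append("duplicate of " + ", ".join(shared))
        if is_weak(row["password"]):
            reasons.append("weak")
        if reasons:
            rank = PRIORITY.get(row["category"], len(PRIORITY))
            findings.append((rank, row["name"], reasons))
    findings.sort(key=lambda f: (f[0], f[1]))
    return [(name, reasons) for _, name, reasons in findings]

if __name__ == "__main__":
    for name, reasons in audit(SAMPLE_CSV):
        print(f"{name}: {'; '.join(reasons)}")
```

The one entry with a long, unique password (News Site) does not appear in the output, while the password shared by three sites is reported against each of them, with the bank listed first.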

Online security is about mitigation and remaining proactive. The protection of your online identity is in part dependent on utilizing strong, unique passwords for all of your online accounts. Just like you wouldn't give your one house key to someone you don't trust, don't give the same password to every website you use. By replacing weak and duplicate passwords, using multifactor authentication, and centralizing your accounts with a password manager, you’ll help mitigate the potential impact of this massive data breach and others in the future.

25 comments:

  1. Do you have any plans to add a check to the LastPass Security Check whether email addresses are found in this database?

    1. It's already implemented, this check is performed while checking your security score.

    2. Fantastic, thank you!

    3. For this particular breach we don't yet have a list - if that becomes available we would certainly look at integrating it into the security check results.

    4. Thanks for your reply Amber. That's all I wanted to know.

  2. Didn't this news story just break a few hours ago?? Very impressed with your response time!

    1. Thanks! Appreciate the positive feedback.

  3. http://www.theverge.com/2014/8/6/5973729/the-problem-with-the-new-york-times-biggest-hack-ever is worth a read here. Note that the list of accounts hasn't been released, so LastPass can't check it.

    1. Correct, we hope should the list become available to be able to check it.

  4. Theft is кража (kraza), but вор (vor) is thief, so Cybervor actually means something more like Cyber thief

  5. Use a cryptographic password generator like Cryptnos rather than what LastPass uses to generate passwords. The application is secure, open source, cross platform, Mobile, PC, Linux, Mac, and via a client side Website, so you can always re-generate your secure password even if you're somewhere you don't have access to LastPass (like at the bank, or a friend's house). It uses strong cryptographic hashes to generate unique passwords, using two parts, a keyphrase you choose that is associated with whatever password you need generated (like yahoo, yahoo.com, login.yahoo, whatever) and a "master password" you choose that adds to generating the password, that you never need forget (like lizzy96). If you chose a family member who was born in 96, or whatever, you could use that as your master pass for all your password generations in addition to the keyphrase. You then choose a hash algorithm, how many hash iterations, length of password, and any character limitations imposed on the password (some passwords can't contain special characters, for example), and bam you have your unique, cryptographic, ultra-strong password. And all you need to remember is your master password to regenerate the password. If you're on a different device, just enter in the same information, keyphrase, master pass, hash, iterations, password limit, and you can regen your password again. But it's easy to carry with you as it comes as a mobile app as well. www.cryptnos.com Check it out. Well worth it, and rock solid.

    1. Thanks for sharing this tip. We would hope you'd never be without LastPass, between our mobile apps, web access, and universal download options, but we appreciate the tip on other tools out there.

    2. That reminds me a lot of Master Password, very similar if you want to compare and try it:
      http://masterpasswordapp.com/

  8. Is LastPass working now? I can't access it from my PC or mobile devices… getting a tad concerned now ...

  9. Not working for me either....

  10. How long before we can expect to be able to use LastPass again?

  11. How come my post is showing the incorrect time?

  12. I was considering trying LastPass today but after reading of people who can't access their devices from 8am to almost 7pm I'm not ready to risk it. I was hoping to mitigate risk :(
