Update Your Password, Now
Although the passwords were hashed and salted, and there are no known dumps of the stolen data, it’s plausible that a percentage of the password hashes are known or have been brute-forced to reveal the plaintext passwords, given the increasing speed at which brute-forcing can be performed and the proliferation of weak and duplicate passwords.
Echoing LivingSocial’s recommendations in their email to the 50 million affected customers, we strongly recommend that anyone with a LivingSocial account follow the steps to update their password immediately, and update the password on any other account that used the same or a similar password. Launch LivingSocial, click the “Create New Password” button in the top-right corner of the homepage, and update the password to a new, randomly generated one using the LastPass password generator, located in the Tools menu of the LastPass icon. The LastPass Security Check, in the Tools menu in the LastPass addon, will also help you identify any weak or duplicate passwords.
Now Is the Time to Be Proactive
We’re seeing a trend that highlights some critical truths about passwords:
- Hacks of popular services are inevitable, and their frequency is increasing – password re-use and weak passwords make these situations that much more damaging
- The end user must be as proactive as possible about protecting their data – this means using a password manager to create strong, unique passwords, and following best security practices such as avoiding open WiFi, running up-to-date antivirus, avoiding public computers, and backing up your data
- Companies need to take responsibility for educating their employees and providing tools, like LastPass Enterprise, that help them better protect corporate data and enforce high security standards