Lastpass Security Issue
Sippy Software has been informed regarding a security breach for LastPass. LastPass is a service we use to store sensitive data for some of your SoftSwitches for support purposes. We want to let our customers know we aware of this issue that is beyond our control and let you know what steps we have done to protect your systems and what you can do to help improve your own security. The details are listed here below as well as steps we have taken to protect our customers and what our customers can do to help protect themselves.
During this breach the unauthorized parties was able to gain access to unencrypted information such as our LastPass Usernames, our company name, our billing information, and contact details. They were also able to get a copy of customer Vault Data which is contains unencrypted data like Website URLs and Encrypted data like usernames and passwords that were stored for that site. Decrypting this data is possible through brute force attempts but this may take some time for the attackers to decrypt these passwords. We have already taken the steps to implement some further best practices we have to protect your sensitive data.
Sippy has asked our associates to go through a few steps to further protect our sensitve information. Our team has long implemented 2 factor authentication for all our last pass users. Two Factor authentication gives us an extra layer of security ensuring we have a secondary method of ensuring we have an alternate method of identifying who we really are. We have also asked our staff to update their master passwords and each of the individual site level passwords that we can.
To help further this effort we would would ask our customers who may have shared user credentials for things like KVM access to change passwords to best protect their systems. Sippy will happily provide you with a list of credentials we keep on file for you and update any login credentials where changes are needed.
This issue is outside of our control however we can take steps to minimize and mitigate any future disruption with the comprimised data that was obtained. If you would like to read more about this issue you can read the following article: https://www.cnet.com/tech/services-and-software/lastpass-customers-need-to-change-all-of-their-passwords/