Security News > 2023 > March > LastPass releases new security incident disclosure and recommendations
"The threat actor was able to capture the employee's master password as it was entered after the employee authenticated with MFA and gained access to the DevOps engineer's LastPass corporate vault," detailed the company´s recent security incident report.
LastPass issued recommendations for affected users and businesses in two security bulletins.
The Security Bulletin: Recommended actions for LastPass free, premium, and families includes best practices primarily centered on master passwords, guides to creating strong passwords and enabling extra layers of security such as multifactor authentication.
To reset LastPass master passwords, users can follow the official LastPass guide.
The Security Bulletin: Recommended Actions for LastPass Business Administrators was prepared exclusively after the event to help businesses that use LastPass.
LastPass has expressed confidence that it has taken the necessary actions to contain and eradicate future access to the service; however, according to Wired, the last disclosure of LastPass was so concerning that security professionals rapidly "Started calling for users to switch to other services." Top competitors to LastPass include 1Password and Dashlane.