(844) 915-5155
(844) 915-5155

LastPass Hacked in November 2022: How to Protect Your Organization from ramifications

LastPass Hacked in November 2022: How to Protect Your Organization from ramifications
Your technology is key to your company’s performance
At XL.net, we make sure that your technology aligns with your business goals through our reliable and managed IT solutions.
Free and No Obligations
Published Dec 01, 2022

On November 30th, 2022, LastPass was hacked for a second time in 6 months. LastPass, with 25 million users, is one of the most popular password management solutions in the market. This article will discuss what happened, and how you can protect your organization from potential ramification of the LastPass hacks.

LastPass hacked again using information from August 2022 hack

“We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.” Though LastPass is ensuring the customer’s stored passwords are safe it is unclear at this point what was compromised.

The entry point for the hack was not disclosed, though based on the information data was from August incident was used the only assumption we can make is that there remained or remains an external access method that either has no multi-factor authentication (MFA), SMS based MFA, or at least one compromised MFA enabled account.

What is Password Management


A password manager is a software that allows users to store, generate, and manage their passwords for local applications and online services. A password manager assists in generating and retrieving passwords, storing such passwords in an encrypted database, or calculating them on demand. The assumption is because users no longer have to remember the passwords, that each password can be unique and more complex.

A password manager does not remove the necessity of utilizing MFA, but it theoretically reduces the risk associated with memory-based password management.

How to protect your organization from the LastPass hack

Regardless of whether you use LastPass, another password management solution or no solution, it continues to be best practice to utilize non-SMS based MFA on all systems.

If you are you in a business setting, your IT department or IT firm “should” be applying best practices and requiring non-SMS based MFA on all systems at a company level. Hopefully your IT department or IT firm is ISO 27001 certified, and proactively addressing risks, of which lack of MFA is just one.

If you are an individual user of LastPass, go through all your password protected services, and attempt to turn on MFA. Even SMS based MFA will reduce your risk, but of course non-SMS based MFA is your best option if available.

Though the LastPass hack is unfortunate, having such a public company be visibly hacked, serves as a lesson that the rest of us can apply and prevent being hacked ourselves.

You may also like

Jul 18, 2022

Why XL.net Exists

Dear Small businesses, the people within them and XLnetters, I have struggled since early 2009, b...

Oct 19, 2020

We were published on Forbes.com!!

Thank you to the wonderful editors and proofreaders at Forbes.com for launching our article Four Tec...

May 21, 2020

Chicago IT Support and Outsourcing Selection Guide

Your business has decided it's time to change your Information IT support / Information Technology d...

Apr 27, 2023

The 4 Biggest Security Threats in Cloud Computing

As your business operations evolve, cloud computing has grown to be an integral part of your busines...

Apr 19, 2023

The 4 Most Important Benefits of Outsourcing IT Services

As a small business owner, you are likely constantly seeking ways to optimize your operations, strea...

Apr 12, 2023

7 Important Types of IT Managed Services

Managed IT services have become a crucial component of doing business today, with over 87% of compan...