What If Your Password Manager Got Compromised?
In this technological era, everything has gone digital. From transacting online to shopping, and from booking cabs to buying flight tickets, everything is possible through apps and online services. Each of these accounts needs a password for access. We prefer to keep those passwords in password managers.
But are these password managers safe? Are they completely hack-proof? This article gives you a complete walkthrough of password managers, some recent password manager breaches, and how to protect yourself when a password manager gets compromised.
What are password managers?
Password managers are secure apps that enable users and businesses to save and organize all their passwords in one safe repository or digital vault. With one, no user has to remember multiple passwords. The password manager has a master password, and users have to remember only that master password to open the password manager. It saves time and makes password management seamless.
According to Expert Insight, lots of us are poor at keeping our corporate credentials safe. According to Verizon’s 2022 Data Breach report, over 61 percent of data breaches involved brute force, credential stuffing, or compromised credentials.
Are password managers free from breaches?
Not at all. Password manager apps and services attract cybercriminals, who attack them through different techniques. Compromising a password manager gives attackers a bundle of login credentials and card details that they often sell on the dark web and other marketplaces or use to sneak into others’ accounts. Here is a list of some popular password managers that got compromised.
· Very recently, Norton LifeLock (a cyber-safe app) customers became the targets of a credential-stuffing attack. Attackers used a third-party list of compromised login credentials and combined them to break into Norton’s password manager accounts. The company has detected suspicious logins and is warning customers (through notifications) to take immediate action.
· Last year, LastPass got attacked multiple times. In December 2022, LastPass announced that cybercriminals took backups of the safe digital vault (cloud storage bucket) containing encrypted user data. The password manager backup held sensitive data such as passwords, billing information, email addresses, etc.
· Again, in August 2022, LastPass became the victim of an impersonation attack. Attackers breached the password manager’s development environment to get their hands on source code and customer data.
· In 2019, researchers found vulnerabilities in password managers like Dashlane, KeePass, 1Password, etc.
Popular ways password managers can get hacked
There are different ways password managers can get hacked. These are:
· There are many methods for attacking the local device. The way in could be your unpatched operating system or an unpatched password manager.
· Attackers can also use social engineering techniques like phishing, or malware like spyware Trojans, to steal sensitive data from your system.
· Cybercriminals can also perform credential-stuffing attacks using lists of compromised passwords obtained from the dark web and other marketplaces. They then use a dictionary attack or combination attempts to gain access to password managers.
· Even the password manager vendor’s service is not safe. Attackers perform remote storage attacks, such as finding vulnerabilities in cloud storage buckets and copying all the sensitive user credentials held by that password manager.
· Weak encryption in a password manager can also put the many credentials users store in it at risk.
· Some attackers look for zero-days (attacks that have not been officially disclosed but are sold over the dark web or in hackers' communities) and other vulnerabilities in such apps to compromise them.
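From the service's side, the credential-stuffing pattern described above shows up in login logs as one source trying many different accounts only once or twice each and mostly failing. The following detection sketch is an added example, not code from the article or from any vendor; the log format, thresholds and function name are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Constructed sample auth log: timestamp, source IP, account, result.
SAMPLE_LOG = """\
2023-01-12T10:00:01Z 203.0.113.7 alice@example.com FAIL
2023-01-12T10:00:02Z 203.0.113.7 bob@example.com FAIL
2023-01-12T10:00:03Z 203.0.113.7 carol@example.com OK
2023-01-12T10:00:04Z 203.0.113.7 dave@example.com FAIL
2023-01-12T10:00:05Z 203.0.113.7 erin@example.com FAIL
2023-01-12T10:00:06Z 203.0.113.7 frank@example.com FAIL
2023-01-12T10:01:10Z 198.51.100.20 grace@example.com FAIL
2023-01-12T10:01:25Z 198.51.100.20 grace@example.com OK
2023-01-12T10:02:00Z 192.0.2.50 heidi@example.com FAIL
2023-01-12T10:02:01Z 192.0.2.50 heidi@example.com FAIL
2023-01-12T10:02:02Z 192.0.2.50 heidi@example.com FAIL
"""


def detect_credential_stuffing(log_text, min_accounts=5, max_tries=2,
                               min_fail_ratio=0.7):
    """Return {ip: report} for sources that try many distinct accounts a few
    times each and mostly fail (assumed thresholds, tune per service)."""
    attempts = defaultdict(lambda: defaultdict(list))  # ip -> account -> results
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("OK", "FAIL"):
            continue  # skip malformed lines instead of crashing
        _, ip, account, result = parts
        attempts[ip][account].append(result)

    flagged = {}
    for ip, accounts in attempts.items():
        results = [r for tries in accounts.values() for r in tries]
        fail_ratio = results.count("FAIL") / len(results)
        few_tries = all(len(t) <= max_tries for t in accounts.values())
        if len(accounts) >= min_accounts and few_tries and fail_ratio >= min_fail_ratio:
            flagged[ip] = {
                "accounts_tried": len(accounts),
                "fail_ratio": round(fail_ratio, 2),
                # A login that succeeded from a flagged source needs a forced reset.
                "compromised": sorted(a for a, t in accounts.items() if "OK" in t),
            }
    return flagged


if __name__ == "__main__":
    for ip, report in detect_credential_stuffing(SAMPLE_LOG).items():
        print(ip, report)
```

The single-account retries (a user mistyping a password, or repeated guesses at one account) are deliberately not flagged; only the many-accounts source is, together with the account whose login succeeded.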
What to do if your password manager gets compromised?
Nothing is 100% secure. Your password manager is no different. If you see a vendor notification that they have encountered a severe breach, or if you notice suspicious activity or login attempts on your password manager, take immediate action.
Here are some helpful methods and tips to protect your online accounts and data if your password manager gets compromised.
1. Every password manager has a master password. Try to change that password twice. Also, you must set up multi-factor authentication for your account.
2. You have probably kept the login credentials for multiple online services in your password manager. Based on your preferences and priorities, manually change the passwords of all those online service accounts.
3. Change the passwords to passphrases, which must be long and complex.
4. Users must patch the password manager immediately once the vendor sends the update notification.
5. Password manager users must stay alert to news reports of a compromise affecting their password manager.
6. Use passphrases that are long so that even automated brute force tools cannot break them.
7. Don’t let anyone know that you are using a password manager. Hide the app’s icon on your phone.
8. If you are a developer, create your own password manager with your own 128- or 256-bit encryption algorithm. That way, no one can gather insights on how to hack your password manager.
9. Never use password managers that store all your account passwords on their so-called “secure server.” Instead, use password managers that store your passwords locally and encrypt those files.
10. After changing the passwords, enterprises & individuals can contact security experts like Packetlabs to receive expert guidance.
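One way to turn step 2 into a working rotation order, as an added example that is not part of the original article: it reads a vault export, puts the accounts you rank highest first, and marks entries whose password is reused or shorter than the passphrase length you want from steps 3 and 6. The CSV column names, the priority map and the 16-character threshold are assumptions, and the export is constructed.

```python
import csv
import hashlib
import io
from collections import Counter

# Constructed sample export. The column names are an assumption; real
# export formats differ between password managers.
SAMPLE_EXPORT = """\
name,url,username,password
Shop,https://shop.example.org,me,summer2022
Webmail,https://mail.example.com,me@example.com,Tr0ub4dor&3
Forum,https://forum.example.org,me,Tr0ub4dor&3
Bank,https://bank.example.net,me,correct horse battery staple
"""

# Assumed, user-chosen priorities (lower rotates sooner); others default to 5.
PRIORITY = {"Webmail": 0, "Bank": 1}


def _digest(password):
    # Compare digests so plaintext passwords are never stored in the plan.
    return hashlib.sha256(password.encode()).hexdigest()


def rotation_plan(export_text, priority=PRIORITY, min_length=16):
    """Return [(entry name, reasons)] in the order the accounts should be
    rotated: user priority first, then entries with the most findings."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    uses = Counter(_digest(r["password"]) for r in rows)
    plan = []
    for r in rows:
        reasons = []
        if uses[_digest(r["password"])] > 1:
            reasons.append("reused")  # one password guards several accounts
        if len(r["password"]) < min_length:
            reasons.append("short")   # replace with a long passphrase
        plan.append((priority.get(r["name"], 5), -len(reasons), r["name"], reasons))
    return [(name, reasons) for _, _, name, reasons in sorted(plan)]


if __name__ == "__main__":
    for name, reasons in rotation_plan(SAMPLE_EXPORT):
        print(name, ", ".join(reasons) or "rotate (no extra findings)")
```

A plaintext export is as sensitive as the vault itself, so remove it once the rotation is finished.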
Conclusion
Nothing is impossible to hack. Since password managers hold so much personal information and so many login credentials, these apps and services become a prime target for cybercriminals. That does not mean you should lose trust in them, but you should remain vigilant, since a password manager is a repository of all your online actions. This article highlighted what password managers are and some of the latest incidents of well-known password manager breaches. We also covered how cybercriminals attack a password manager and how to protect yourself if your password manager gets compromised.