Advisory warning to users of LastPass software – action required

January 6th, 2023

Digital and Technology Services have been alerted to a cybersecurity breach of the commercially-available password management software LastPass, whereby an unauthorised party has gained access to sensitive data held by LastPass

This highly sensitive information includes names, billing addresses, telephone numbers, email addresses, and website URLs that have passwords stored within LastPass.

While LastPass is not software provided by the university, as one of the leading password management products, we are making staff and students aware as they may use LastPass in a personal capacity.

If you use this software, you will need to take action to protect yourself.


While a strong master password for your LastPass account will make it more challenging for hackers to gain access to the passwords contained within your password vault, it is recommended that, as a precaution, you:

  • Change your LastPass master password
  • Change all passwords stored within the vault
  • Change all the passwords for any other systems that share a password with your master password or any password in the vault
  • As ever, be suspicious of all unsolicited email and do not click on links or open attachment in any emails that you were not expecting

It is recommended that you prioritise accounts that are of more value to an attacker, such as bank accounts or primary email accounts. You should also review any notes or form filled data contained in LastPass to identify what the impact of its disclosure to an attacker may be.

LastPass’ Multi-factor authentication does not provide any additional protection in this breach as the attackers have an encrypted copy of the passwords to allow for an offline attack, but use of multi-factor authentication for passwords in the password vault does help protect these systems.

The LastPass information on this breach is available to read via their website.


Notwithstanding this breach, general advice remains that password managers are the best way to maintain multiple passwords for web applications.

If you have any cybersecurity questions or concerns, please do not hesitate to contact the IT service desk.

Tags: , ,

Leave a Reply


Trusted Research update: changes to technologies requiring an export control licence

The UK Government has issued an updated UK Strategic Control List, introducing additional export control measures […]

Adelaide-Nottingham Alliance: join Vice-Chancellors at event celebrating global partnership

Staff, students and researchers are invited to join the Vice-Chancellors of the University of Nottingham and […]