If you have not heard about the LastPass hack, you can find lots of information about it on the internet. Here is the nutshell:
- Hackers acquired a copy of the entire LastPass customer password database
- Changing your LastPass master password is pointless now because the hackers have a copy of the entire database
- Passwords are encrypted, but the web-address and “other” information is unencrypted. This means hackers can look at the data and target a customer’s password vault that has bank accounts, for example
- It is only a matter of time before hackers can use automation to guess your Master Password and get access to everything
We used LastPass at WilloWare. NONE of our customer data in the LastPass vault. But what it does contain is the API key our software uses to:
- Create a new support case. Such as when you click the “Send To WilloWare” button on our About window
- Send an error message to us from the “Ooops” window
- Retrieve a new or updated Registration Key by clicking the “Get Key Online” button on our Registration window
The old API key could, in theory, be used to access our Zendesk account and send phishing emails to our customers. This has NOT happened. To ensure it cannot happen we have deleted the old API key and will be including a new API key as we release new builds of our products and customizations.
Effectively immediately you will not be able to create a new case, submit error messages, or retrieve a new Registration Key through our software.
If you install an update to any of our products or customizations with a build date after 5-JAN-2023 it will have the new API key and normal functionality will return.
- As of 8-JAN-2023 all products have been updated with the new API Key