Trust Center
July savings, year-round protection


Learn the Basics of Cybersecurity Terminology

Education is the most powerful weapon against cyberattacks. Get to know the basics so you can better protect yourself and your business.

Data breaches aren't a matter of if, but when

Your digital life has grown exponentially over the last several years. So have cyber-related risks.


of breaches are caused by a human error, such as stolen credentials or phishing.¹


trillion dollars minimum estimated cybercrime damage costs in 2025.²

Stay ahead of the curve with cybersecurity education

There are four critical pathways to your estate: Credentials, Phishing, Exploiting vulnerabilities, and Botnets.¹ All four are pervasive in all areas of the DBIR, and no organization is safe without a plan to handle each.

You and your business must understand the basic terminology around data breaches and hacks. Doing so can help you identify the warning signs of breaches, but it can also help you inform others of the risks to avoid. Moreover, businesses can use their knowledge to properly communicate with customers in a clear and timely method if a compromise ever occurs.

Understanding how hacks are discussed

Are you a consumer who’s unsure what a business is saying when notifying you of a past breach? Are you a business that wants to communicate with your customers if organizational data is compromised effectively?

It’s important to realize that these terms are regularly misused – where people will refer to security incidents as hacks. As a best practice, review the details you'll communicate to others, and always get your information from a reliable publication.

Tip: look to the company or organization involved first and foremost for statements, blogs, information, and more as your source of truth.

Common attack terminology you should know:



An unauthorized user who attempts to gain access to an information system – the network where users create, share, and distribute information from their devices.



Any malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information or information system resources.



An attempt to exploit an information system, computer system, private network, or device by using stolen credentials.

Common types of cyberattacks

  • Credential stuffing: the next step following a brute force attack, in which someone who already has access to an account’s username and password will use it for as many other sites, apps, etc. as possible. This is the risk of reusing a password – if one of your accounts gets breached, the rest are vulnerable.
  • Basic web application attacks (BWAA): attacks that directly target an organization's most exposed infrastructure, such as web servers.
  • Phishing: a form of fraud in which a bad actor masquerades as a reputable entity or person in email or other forms of communication – smishing (text or SMS), and vishing (voice call).
  • Ransomware: a form of malware designed to encrypt files on a device, rendering any files and the systems that rely on them unusable. Ransomware has continued its upward trend with an almost 13% increase – a rise as big as the last five years combined.¹
  • Social engineering: The act of deceiving an individual into revealing sensitive information, obtaining unauthorized access, or committing fraud by associating with the individual to gain confidence and trust.
  • Supply chain attack: Attacks that allow the adversary to utilize implants or other vulnerabilities inserted before installation to infiltrate data or manipulate information technology hardware, software, operating systems, peripherals (information technology products), or services at any point during the life cycle.

Cyberattacks may cause panic, but you can find power in knowing the correct terminology and how to use and comprehend it.³

Create a cybersecurity strategy

The best thing your business can do is to put your cybersecurity education into action with a proactive plan. You can get started by implementing some of the following security measures:

  • Use a different, unique, and complex password for every online account created.
  • Use a password manager to create, store, share and manage credentials and sensitive data.
  • Turn on multifactor authentication (MFA) for services like your email, social media, online banking, work-related apps, etc.
  • Utilize data breach monitoring to keep an eye out for your credentials online, to ensure any compromised credentials are flagged and changed as soon as possible to avoid additional breaches.
  • Be proactive when interacting with the common signs of an attempted cyberattack – don’t click on links from unknown people, don’t open misspelled websites, and don’t engage with emails that are poorly written and from unknown addresses.
  • Run antivirus, endpoint protection, or antimalware protection software.
  • Regularly update your apps and operating systems (OS) to keep software up to date. 
  • Regularly backup of your critical data – either locally or to the cloud – to ensure you have an additional copy of your sensitive data in a safe place.

Sources used in this article

  1. 2022 Verizon Data Breach Investigations Report (DBIR)
  2. Secureworks Boardroom Cybersecurity Report
  3. NIST Computer Security Resource Center

Learn how LastPass protects your data against bad actors, poor password habits, and more

What if LastPass has a security incident, or gets hacked?

LastPass operates on a zero-knowledge security model. Zero-knowledge means that no one has access to your decrypted Master Password, vault or vault data except you. To ensure that only authorized access is granted to your vault, we use industry-standard mechanisms, such as AES-256 encryption and PBKDF2 hashing plus salting, to keep your Master Password safe.

LastPass also protects our infrastructure, by regularly upgrading systems and using redundant data centers across the globe to reduce the risk of downtime or a single point of failure. LastPass is market-tested and trusted by over 100,000 companies, including Fortune 500 and leading tech enterprises.

How will I know if LastPass has been hacked or if an incident has occurred?

LastPass values transparency in its incident response procedures meaning you’ll receive honest and timely communication. Communication with users will depend on the incident, and those of the highest priority will include emails, blog posts, and social posts. Earning trust from our community is rooted in the ability to communicate effectively.

What are you doing to prevent LastPass from being hacked, ensuring my data is secure?

LastPass customers are protected through LastPass’ zero-knowledge security model, in which LastPass – by design – does not have access to your Master Password, vault, or vault data. This is an industry standard that all password managers should adhere to. In addition, LastPass implements several best practices to further protect you and your data, including but not limited to:

  • Certified compliance, such as SOC 2 Type II, SOC3, BSI C5, APEC CBPR and PRP Privacy Certification, TRUSTe Enterprise Privacy Certification, GDPR, and ISO/IEC 27001:2013.
  • Audits and Penetration Tests: LastPass employs trusted, world-class, third-party security firms to conduct routine audits and testing of the LastPass service and infrastructure.
  • Bug Bounty Program: LastPass welcomes and partners with security researchers to ensure continuous improvement.

Trust Center

Your single source for the latest security, privacy, compliance, and system performance information.

Visit Trust Center

LastPass encryption model

Your data is kept secret, even from us. Learn how LastPass protects your data with a local-only encryption model.

Learn more about encryption

Technical white paper

Read about how we built the LastPass service to ensure that your data is protected and private.

Read the white paper

LastPass Labs

Learn the latest about our cybersecurity practices from our Threat Intelligence, Mitigation and Escalations (TIME) team.

Read recent posts

Stringent security meets global compliance. You get that and more with LastPass.

Free 14-day LastPass Business trial. No credit card required.