As some of you may know, LastPass had a pretty big security breach that is pretty concerning. But outside of password issues, what do SEOs need to consider with this security issue? John Mueller of Google noted that the website URLs in the breach were unencrypted and thus can be published and accessed by bots.
John wrote on Twitter, "The passwords are encrypted, but the URLs aren't. If you used it for any staging sites or internal environments where you didn't want the URLs to be public (less secure setups, URLs leak information), it would be good to take care of that too."
The announcement wrote "The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data."
The passwords are encrypted, but the URLs aren't. If you used it for any staging sites or internal environments where you didn't want the URLs to be public (less secure setups, URLs leak information), it would be good to take care of that too.
— John Mueller is mostly not here 🐀 (@JohnMu) December 23, 2022
So the website URLs of your test servers may be published and search engines might pick them up. So you want to make sure to lock those down from Google or other search engines crawling them and potentially ranking them.
But the bigger issue are the password issues, but again, those are not necessarily SEO issues unless someone gains access to your Google Search Console and removes your site, or someone deletes your website.
Forum discussion at Twitter.
