LastPass Data Breach

[Jandrews]

Anyone hear about this? Saw notification of it in an email from Last Pass

They are saying "certain customer information" was compromised, but password info is safe due to their zero knowledge architecture

Is there anything actually secure? I was considering a LastPass account, but never went ahead with it for this specific reason

Now, sure enough, they have been compromised

An app to store all of your passwords

What could go wrong

Well, this

[A930Rocket]

I read it was the second time in so many months for them.

That’s not good.

[LWJ]

I am hoping this is a big nothing. As I use LP.

[Por_sha911]

https://www.zdnet.com/article/lastpass-hacked/

Quote:

LastPass, the popular password management service, recently announced that it was hacked. Specifically, LastPass's CEO Karim Toubba wrote that an "unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information."

This isn't the first time LastPass has had security problems. In 2021, it appeared that some users' LastPass Master Passwords may have been revealed. LastPass replied that it hadn't been breached, but users who had gotten emails warning them that an unknown person was trying to log into their accounts weren't convinced. Nevertheless, LastPass insisted that it was just the result of a credential stuffing attack.

In 2020, LastPass had a major outage, and users reported they couldn't log into their accounts or autofill passwords.

In 2019, a significant LastPass security problem was uncovered by security researchers as well.

Willie Sutton when asked why he robbed banks: "because that's where the money is". You gotta think that LastPass is a prime target of hackers because it is the bank of passwords.

[KFC911]

I don't keep information in the cloud or on other people's servers if I can avoid it. I'd rather have all my assets invested in Bitcoins and have no such worries....

But that's just me

[sc_rufctr]

I'm getting impression that a lot of (most?) online resources are open to getting hacked.

There must be an army of hackers out there that do nothing else.

[svandamme]

Quote:

Originally Posted by sc_rufctr

I'm getting impression that a lot of (most?) online resources are open to getting hacked.

There must be an army of hackers out there that do nothing else.

Russians have state sponsorred companies for that

[GH85Carrera]

I know the FBI, the CIA, Apple and Microsoft have all been hacked, and data stolen. I have never been hacked.

I looked at the password apps and almost pulled the trigger and signed up, but I decided to just keep using a password list on my own computer, in a hidden file. Not as convenient as an auto-fill password manager, but it has worked for me since the early 1980s.

It is tedious to use the two factor authentication for a lot of sites, but is is more secure.

Way back in in the 1980s one of my friends was THE head of email for all of SW Bell. He had a business card sized gizmo with a text string of a lot of numbers that changed regularly. It was his password generator that he had to enter the numbers from that card into a portal, and only then was he able to access a login page to enter his convoluted username and password. He did say his username was nothing at all to do his actual name and the password back then was long and had upper and lower case, special characters, and even some ASCII code characters. Since he was in charge of millions of email accounts he had to be 100% secure.

[stealthn]

Yup this is their second breach this year. This one was done through GoTo as they share some servers/databases.

We use Passportal which is excellent, although I’m not concerned about the passwords getting decrypted, once they get the source code, I get nervous.

Reminds me of the Solarwinds supply chain breach, we lost a lot of customers on that one.

Any company can be breached….