Really disappointed in LastPass with their lack of transparency and lack of full data encryption for a service I paid money for. Looking at alternatives between 1Password and Bitwarden but having to change all my passwords is still a pain I shouldn't have to deal with.

#LastPass #lastpassbreach22

I'm giving #BitWarden a try after the #lastpassbreach22 - if anybody has any suggestions for how to handle sharing with my spouse or getting my elderly parents onboarded, I would appreciate it.

Right now I'm thinking that I do a family plan and have an organization for the "Brian and Spouse Shared" passwords (utilities etc), and one for "Brian's parents' shared" where my mom and dad can put their stuff - debating self-hosting eventually, maybe in AWS?

I'm not qualified to comment on security, but:

If you want a truly well thought through, feature-packed, cleanly designed password manager and don't mind paying for it, #1Password is worth it. What I use personally.

If you want all the basic boxes ticked in a workmanlike way, #Bitwarden is cheap, fully functional, and actively developed. What we use at work.

#LastPass #LastPassHack #LastPassBreach #LastPassBreach22 #PasswordManager #PasswordManagers

I was a LastPass customer for years, but I moved to BitWarden a while back, and deleted my LastPass account. However, I'm still changing passwords for vital services after the breach news because companies don't like to delete data. This is perhaps overly paranoid, but it only took a few minutes. #lastpassbreach22 #security

...is a bit like being told, "Your money is secure!" even as you yourself are being carried off by kidnappers.

This, from a company whose *one job* is to keep this PII and financial information safely secured, I find to be exceptionally troubling.

/Fin

#LastPassBreach22

That data can be used to social-engineer attacks against banks, credit cards, etc.

I'm not just talking about phishing here, although that's also definitely something to be aware of.

I'm thinking more of someone calling up the bank or the credit card company and using that information to get the human at the other end of the line to let them in. Humans are the weak link here.

And being told, "Your credit card information is secure!" when your PII has been stolen...

2/

#LastPassBreach22

#LastPass had a security breach in December that has turned out to be much, much worse than initially claimed. (Thank you ArsTechnica for the detailed report. https://geeknews.chat/@arstechnica/109561070690021534)

What's most upsetting to me is that they are saying, "Oh, it's OK, there's no way that the hackers can get your credit card numbers."

But the breach disclosed data like usernames, IPs, home addresses, that were being stored unencrypted for some reason. (Cache disk? It's unclear.)

1/

#LastPassBreach22

It's sad to hear that #lastpass was so careless with users' data. I used to use them before I moved over to @bitwarden, which has been flawless for me. I would highly recommend it and it has an easy import from lastpass.

#lastpassbreach22

“The attacker gained access to Lastpass' cloud storage using ‘cloud storage access key and dual storage container decryption keys’ stolen from its developer environment.” #lastpass #LastPassHack #lastpassbreach22

https://www.bleepingcomputer.com/news/security/lastpass-hackers-stole-customer-vault-data-in-cloud-storage-breach/

Lastpass: Hackers stole customer vault data in cloud storage breach

LastPass revealed today that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident.

BleepingComputer

✨ LastPass users: Your info and password vault data are now in hackers’ hands

👉 Be extra alert for phishing emails and phone calls purportedly from LastPass or others

👉 "would take millions of years to guess your master password using generally-available password-cracking technology." Quote from LastPass 🤔

https://arstechnica.com/information-technology/2022/12/lastpass-says-hackers-have-obtained-vault-data-and-a-wealth-of-customer-info/

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

#infosec #LastPassHack #lastpass #lastpassbreach22 #hackingincidents #threatintel

LastPass users: Your info and password vault data are now in hackers’ hands

Password manager says breach it disclosed in August was much worse than thought.

Ars Technica