🚨 This is about as bad as it gets, and three days before Christmas.

LastPass says customer password vaults were stolen in a data breach earlier this year.

More, and what to do next: https://techcrunch.com/2022/12/22/lastpass-customer-password-vaults-stolen/


"What do you do when the security vendor gets hacked?" is something I ask all the time, and most people don't understand the question.
@zackwhittaker Missing an important step: insist companies STOP forcing use of weak SMS or PSTN (phone call) for “2FA.” (although it is better than nothing)
@zackwhittaker thanks so much for this. I just added Google Authenticator even though LP rates my master pw at 100%. 🙏 😬
@0GNinjaBackFist @zackwhittaker the password vaults can be cracked offline, so MFA on LastPass is irrelevant. If they can crack your master password then they’ll have access to everything in your vault.
@zackwhittaker this comforts me in my decision to never use a deported solution for my password management.
KeePass seems like the best solution for me.
@zackwhittaker … sigh is not a big enough word …