Erin SymonsDec 24, 2022
happygeek  +  = $0

New by me at Forbes (so much for taking time off): LastPass customer password vaults stolen by threat actor, the password manager's CEO confirms. While credentials and other sensitive data is encrypted, the decryption key is derived from the master password, If this is weak then those users could be in trouble - I recommend changing the master password anyway, doing so re-encrypts the vault. If you fall into the weak master password user category, I recommend changing all your website login credentials as well.

#infosec #lastpass #passwords #databreach #tech #news

https://www.forbes.com/sites/daveywinder/2022/12/23/lastpass-password-vaults-stolen-by-hackers-change-your-master-password-now/

LastPass Password Vaults Stolen By Hackers—Change Your Master Password Now

LastPass CEO, Karim Toubba, has confirmed that a threat actor has stolen customer password vaults.

Forbes
Dec 23, 2022 at 1:09pmWeb
Show threadSharkasticDec 23, 2022
@happygeek what is the point of re-encrypting your vault when the compromised data is out there with the old encryption key. Unless you think that lastpass are going to lose the encryption keys but haven't yet
Show threadJuriDec 23, 2022
@happygeek I am suddenly very glad I made my password extremely annoying to type
Show threadChristian HendrichDec 23, 2022
@happygeek I delete my Lastpass account and switched to keepass. #lastpass #lastpassbreach #keepass #keepassxc