War on the Castle, Peace in the Valley🛡️🍉🇵🇸 🏳️‍🌈 🇺🇦Dec 24, 2022

"Forbes is the self consciousness of the bourgeois class" - TGoTJ

Major #password manager - #HACKED! I stayed up late last night changing passwords to "GFY" and then deleting their entries in lastpass. Because I migrated to #bitwarden already, but did not entirely delete my #lastpass

https://www.forbes.com/sites/daveywinder/2022/12/23/lastpass-password-vaults-stolen-by-hackers-change-your-master-password-now/?sh=1b68b0024461

#LastPassBreach #lastpasshack

LastPass Password Vaults Stolen By Hackers—Change Your Master Password Now

LastPass CEO, Karim Toubba, has confirmed that a threat actor has stolen customer password vaults.

Forbes
Show threadJudd Storrs

@theghostoftomjoad On the one hand a breach is concerning. On the other hand, it demonstrates they can detect breaches.

It's really difficult to say what it means if a competitor has not been breached. Maybe they haven't been targeted. Maybe they just don't know. Ultimately the harm of this breach doesn't seem all that bad. It's annoying, but at least you know it happened and that they were able to tell it happened.

Dec 24, 2022 at 5:32pmWeb
Show threadWar on the Castle, Peace in the Valley🛡️🍉🇵🇸 🏳️‍🌈 🇺🇦Dec 24, 2022

@jstorrs
They get points for full disclosure and transparency as far as that goes but a lot of us are wondering how honest they are being. Early disclosure is in their interest if things get worse.

And intrusion detection is not necessarily rocket science. Everyone who runs any kind of server or firewall is going to have some basic awareness and any commercial enterprise should hire independent #pentesting So it seems likely that the other major #passwordmanager vendors have diligent monitoring and would more likely than not be aware if they had been hacked.

But yes your point still does stand. Isn't this another reason for using #keepass type PWM's?

Yeesh even hard copy offline bookeeping is possibly gonna make a comeback. Not joking!