Writing more about #LastPassBreach feels like beating a dead horse. But I had a look at the official statement again and it is highly misleading. I felt the need to provide some context that #LastPass is willingly omitting.

“Again, it seems that LastPass attempts to minimize the risk of litigation (hence alerting businesses) while also trying to prevent a public outcry (so not notifying the general public). Priorities…”

https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/

What’s in a PR statement: LastPass breach explained

The LastPass statement on their latest breach is full of omissions, half-truths and outright lies. I’m providing the necessary context for some of their claims.

Almost Secure

@WPalant Asking for a friend, and possibly a dumb question... Does anyone know if text or comment fields etc. inside the stolen vault backups were encrypted? If they were unencrypted, would you still need the master password to view them?

@greyghost They are encrypted, in the same way the passwords are. I covered it here: https://palant.info/2022/12/24/what-data-does-lastpass-encrypt/

What data does LastPass encrypt?

LastPass doesn’t explain what data in its “vault” is encrypted. Everyone can download their data and see for themselves easily however.

Almost Secure

@WPalant awesome!
Appreciate that.