The #breach of #LastPass revealed a poorly maintained product riddled with flaws, delivered by a company unable to explain their own failings.

Attackers were able to steal unencrypted customer data including their IP addresses and site URLs, as well as the encrypted password vaults themselves.

The product - used by over 100,000 businesses and 33 million individuals - has left long-term customers with outdated security settings, which translates directly to an increased risk of their vaults being cracked.

It's time to jump ship if you haven't already, here's why: https://opalsec.substack.com/p/last-call-for-lastpass?sd=pf

Huge shoutout to @WPalant for his detailed analysis of LastPass as a product, and for dissecting the evasive language in their latest advisory.

#infosec #CyberAttack #Hacked #cyber #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #cybersecurity

Last Call for LastPass

We examine the flaws endemic to LastPass' product, and their bungled response to and disclosure of their recent compromise.

Opalsec

@Opalsec @WPalant LastPass authenticator app is no longer available in my Play Store.

I switched to Bitwarden years ago when LogMeIn bought the company (too sketchy for me) and started deleting records from LastPass but never finished, assuming 2FA would secure it until I got around to it.

Enabled passwordless login today, then found a) it requires MFA be disabled, then b) it seems not to be available right now (at least if the app isn't already installed?) and disabling it again isn't possible.