The #breach of #LastPass revealed a poorly maintained product riddled with flaws, delivered by a company unable to explain their own failings.

Attackers were able to steal unencrypted customer data including their IP addresses and site URLs, as well as the encrypted password vaults themselves.

The product - used by over 100,000 businesses and 33 million individuals - has left long-term customers with outdated security settings, which translates directly to an increased risk of their vaults being cracked.

It's time to jump ship if you haven't already. Here's why: https://opalsec.substack.com/p/last-call-for-lastpass?sd=pf

Huge shoutout to @WPalant for his detailed analysis of LastPass as a product, and for dissecting the evasive language in their latest advisory.

#infosec #CyberAttack #Hacked #cyber #cybernews #infosec #infosecnews #informationsecurity #cybersecurity #hacking #security #technology #hacker #cybersecurity

Last Call for LastPass

We examine the flaws endemic to LastPass' product, and their bungled response to and disclosure of their recent compromise.

Opalsec
@Opalsec @WPalant
Want something on top of it? If you ask LastPass for a refund, they will ask you to fill in a SPREADSHEET form with your bank details for a wire transfer and send it over EMAIL.
When confronted with the fact that they are asking me to send sensitive bank details over email, their answer was to double down.