Klue Supply Chain Incident & LastPass Response - The LastPass Blog

LastPass wants to inform our customers of a security incident which recently occurred at one of our third-party suppliers and how that incident impacts LastPass and our customers.

@hrbrmstr And of course, they don’t have a date on their blog posts… Looks like yesterday though according to third-party coverage
@hrbrmstr @Viss I don’t get why people use it anyway… I had to use it at my last job and it was truly terrible.
@hrbrmstr idk dude, I just like getting hacked too much🙂

@hrbrmstr

"a third-party market intelligence platform utilized by our go-to-market teams"

I'm too old to understand what that means.

@ColinHaynes @hrbrmstr I'm too old to care what it means.
@ColinHaynes @hrbrmstr they sent a bunch of customer data to a contractor they were paying to help them sell more.
@ColinHaynes @hrbrmstr let me translate:
- "a third-party" : "it wasn't our fault, honest guv"
- "market intelligence platform" : "the data gathered by spying on people who don't block online ads"
- "utilized by our go-to-market teams" : "used by our sales and marketing teams"
@hrbrmstr It sounds like the problem is with Klue.
@mamiyaman it's both
@hrbrmstr @mamiyaman Is there independent reporting that indicates LastPass content was accessed? From the linked blog post: "LastPass products, services, and infrastructure were not impacted in any way and customer vaults remain secure."
🤷‍♀️
@hrbrmstr how are they still in business?

@hrbrmstr

Hahahahahahah!

My last job used LastPass. After the last scandal they had us change all our work passwords, as if that would help.

I personally myself use an Android port of KeePass (https://keepass.info/download.html). Configured to allow only local access. 'Cause I care about that stuff.

@hrbrmstr @briankrebs OH: lastpass, the Ivanti of password managers
@hrbrmstr I've lost track of how many breaches they've had in the last 5 years. It's astonishing that they still have customers.
@hrbrmstr Not just LastPass - stop using *anything* requiring a cloud connection where there is a reasonably viable/accessible non-cloud alternative. Yes it's harder and realistically will be beyond some to do, but how many times do we need to entrust our data to these thieving charlatans? I mean the service providers who sell our data to brokers (227 trusted partners my arse) so they can sell us shit. Just stop if you are at all able.

@hrbrmstr "Klue (klue.com), a third-party market intelligence platform utilized by our go-to-market teams which integrates with our Salesforce and Gong systems."

I'm going with don't be corporate douchebags who care more about marketing than security for 10 points

@hrbrmstr
And if you have stopped using LastPass before, create a new account just to delete it.