LastPass Says Source Code Stolen in Data Breach

Discussion in 'other security issues & news' started by mood, Aug 25, 2022.

  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    16,403
    Location:
    The Netherlands
    Also make sure to read this article, most MFA methods that companies are currently using are pretty much a joke.

    https://www.bitsight.com/blog/analyzing-exposed-sso-credentials-of-public-companies
     
  2. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    20,550
    Location:
    UK
  3. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,795
    Location:
    Among the gum trees
    Email from LastPass:
     
  4. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,461
    Location:
    North of the 38th parallel.
    FWIW

    Perhaps a coincidence, but LastPass released a v4.05.0,1289 update for at least the macOS app yesterday that does not yet seem to be documented. LastPass major browser extension versions appear to be unchanged so far.

    HTH
     
    Last edited: Dec 1, 2022
  5. Krusty

    Krusty Registered Member

    Joined:
    Feb 3, 2012
    Posts:
    9,795
    Location:
    Among the gum trees
    Another email from LastPass:
     
  6. stapp

    stapp Global Moderator

    Joined:
    Jan 12, 2006
    Posts:
    20,550
    Location:
    UK
  7. Hadron

    Hadron Registered Member

    Joined:
    Apr 1, 2014
    Posts:
    1,991
  8. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,178
    Location:
    USA
    It seems to me that LastPass is a target simply because it has people's passwords. What do architecture, design and structure have to do with it?
     
  9. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,827
    Location:
    Brooklyn, NY
  10. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    7,836
    Location:
    USA
    I figured that from the beginning. It's the most productive thing they can do at this point. I know I've said it before but I'm glad I dumped them and had them delete my data. If only they would stop spamming me to try to get me to come back.
     
  11. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,031
  12. Victek

    Victek Registered Member

    Joined:
    Nov 30, 2007
    Posts:
    6,178
    Location:
    USA
    Do you use a different cloud service now or do you manage it locally?
     
  13. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    16,403
    Location:
    The Netherlands
  14. reasonablePrivacy

    reasonablePrivacy Registered Member

    Joined:
    Oct 7, 2017
    Posts:
    1,757
    Location:
    Member state of European Union
    The first part is too alarmist for me. Baseline requirements for passwords are meant for a general audience. Evidence shows that being too strict on password requirements for regular people backfired in many cases.
    I don't think it is a good idea to force all people's accounts to paranoid, VIP-level requirements. VIPs should follow advisories prepared for them. VIPs, dissidents, etc. should have known better about their own password choices.
     
  15. xxJackxx

    xxJackxx Registered Member

    Joined:
    Oct 23, 2008
    Posts:
    7,836
    Location:
    USA
    I use Sticky Password. You can do internet sync, LAN sync, or none at all.
     
  16. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,368
    What to Do About the LastPass Breach
    https://www.youtube.com/watch?v=8uZ3QcrPCWk
     
  17. ProTruckDriver

    ProTruckDriver Registered Member

    Joined:
    Sep 18, 2008
    Posts:
    1,364
    Location:
    USN Retired 1969 ~ 1992
    Thanks for the video. My routine includes:
    • Change the Master Password every 6 months with 20+ characters, A-Z, a-z, 0-9, Symbols.
    • Change ALL my financial website passwords every 3 months.
    • My other 100+ password websites: Put them in 4 groups. Every 3 months change the website passwords on one group. By the end of the year all passwords would be changed.
    • I only use a password manager for passwords. I do not store credit card numbers or any other sensitive information on a password manager.
    • Use Two-Factor Authentication when possible.
    I would do the above routine no matter what password manager I would use. It looks like a lot of work changing passwords all the time, but what else do I have to do? I'm retired, old and every day is a weekend for me. :argh:
    So I believe I'm safe so far, I hope. Do I trust anything in the cyber world? Hell No! :)
    Btw: ALL Passwords were changed when I learned of this LastPass breach.
     
  18. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    8,368
    You don't really need to regularly change passwords.
    https://www.youtube.com/watch?v=asDNQEqAGLY
     
  19. 1PW

    1PW Registered Member

    Joined:
    Apr 2, 2010
    Posts:
    1,461
    Location:
    North of the 38th parallel.
    Though frequent password changes may not be the necessity once recommended, the existing LastPass master password might benefit from a strength test:



    Technically, both appear to use the same algorithm, but even though the UI is more colorful, the “Password Strength Test” seems to have the tested password transit the Internet.

    HTH
     
    Last edited: Dec 29, 2022
  20. summerheat

    summerheat Registered Member

    Joined:
    May 16, 2015
    Posts:
    2,031
    https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/

    https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/#c000010r000001

     
  21. XIII

    XIII Registered Member

    Joined:
    Jan 12, 2009
    Posts:
    1,269
  22. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    16,403
    Location:
    The Netherlands
    Last edited: Dec 31, 2022
  23. mood

    mood Updates Team

    Joined:
    Oct 27, 2012
    Posts:
    45,337
    Location:
    Germany
    Security experts blast LastPass for misleading users about stolen password vaults and data
    By Ashwin - December 30, 2022
     
  24. Asterixpl

    Asterixpl Registered Member

    Joined:
    Mar 28, 2022
    Posts:
    32
    Location:
    Poland
    I do not trust password managers that use the cloud to store files. Mine has always been KeePass where I always have the master password database file on a flash drive.
     
  25. plat

    plat Registered Member

    Joined:
    Dec 19, 2018
    Posts:
    1,827
    Location:
    Brooklyn, NY
    I posted this elsewhere last nite cuz it just seemed, I dunno, flaky maybe? Not believable? Outrageous? Et Cetera?

    It's the search result using Duck Duck Go in Firefox (uBO takes out the sponsored junk).
    lastpass.PNG

    Guess their work is cut out for them to catch up with this hyperbole. Neat word...hyperbole. :)
     