Show Navigation
Notices tagged with lastpass
-
If you read #LastPass's statement about its breach, you should read https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/ [palant info] to understand what it says behind the bullshit.
And even here, they're not mentioning that most people want an understandable word or words as their main password ... and that there are lists of the most frequent words used in passwords / the most frequently used passwords that can greatly diminish the time it takes to crack a password.
No, if you use Lastpass or even if you used it in the last year or two, you should change _every password you have_ and do it now. #repassword
-
https://en.wikipedia.org/wiki/LastPass#Security_issues
Here’s the list of publicly known security incidents at #LastPass
-
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/ [blog lastpass com]
#Lastpass explores some of the information that crackers are believed to have accessed during their most recent breach. (As a reminder, #LastPass has had at least three severe breaches; it is conceivable but not assured that some or all of customers' data may have been accessed at some time in a form that the attackers could read.)
-
@cwebber This is also the 3rd or maybe even 4th time the I know of that #LastPass has been penetrated, and there could easily be other times that I don't know about.
I get the feeling that the people that did it the first time "got root" and have just periodically resurfaced ... which means they have had many years to collect and exploit data.
-
#LastPass suffers another breach, this time including customer data. https://mastodon.social/@PCMag/109434888960832842
https://www.pcmag.com/news/lastpass-suffers-another-breach-and-this-time-customer-data-is-affected [www pcmag com]
-
Actually, based on the links above, change every password you have, but do not update the information in #LastPass. It appears the cybercriminals are still inside LP's systems, gathering data in near-real time.
-
If you use the #LastPass online password manager, you may need to change _every password you have_. See https://palant.info/2021/12/29/how-did-lastpass-master-passwords-get-compromised/ [palant info]
Source: https://toot.cafe/@nolan/107533349422032613
-
Do both, even if you decide to close your #lastpass account.
And isn't this the third or fourth time they've been penetrated? At this point, their paid and unpaid customers should be concerned that the company may suffer a ransomware attack and they'll be locked out of all their sites.
-
So, #LastPass. For a day or two, I've seen an occasional mention that someone's master password seems to have leaked.
Personally, I no longer believe that online password managers are worth the risk, but at one point, I did use LP myself (because I paid for their bookmarks sync service). In fact, I closed my account because I felt like they did not understand that they are a security service.
They had asked for some permission that I felt was unnecessary for a service that should merely manage passwords, so I closed my account.
Anyway, if you have a Lastpass account, I'd recommend that you first log in and change your LP master password, then change _every password_ that you had stored in that account.
-
Zillions of years ago, I used #Keepass on Windows with extensions to work directly with the browser. Then I switched to #KeepassX, because the same program worked on Linux. Recently, I’ve started migrating toward #KeepassXC ... once again, the browser extensions are working nicely on Windows. (I haven’t tried KeepassXC yet on Linux, because I need to upgrade my main laptop from Kubuntu 18.04 to 20.04.)
I was thinking about switching to #Pass (which seems to be GPG + shell scripts), but the browser integration is really nice. I had forgotten how nice it is. If you used #Lastpass or #1Password, it is like that, only without any concerns that the homebase server will be penetrated.
-
@brandon @bob@soc.freedombone.net Years ago, #Lastpass asked for crazy permissions on mobile for some non-security add-on feature. After trying to persuade them that their business is secure authentication, I gave up, closed my account, and repassworded.
-
@mike I don't use #LastPass anymore because I don't trust them to keep my passwords safe.
-
@mike I don't use #LastPass anymore because I don't trust them to keep my passwords safe.
-
I need a password manager which is
* open source
* #Linux and #Android at least, ideally all platforms
* imports from #Lastpass
Halp?
-
@taiganaut Did #lastpass have another breach? They should rename to #lostpass.