What really happened vs. how I experienced it (my password manager recommendation).
A while ago I kept my #passwords in the #browser. I got paranoid after a #hack at #Google; I had recently switched to #Firefox and thought about using an external password manager just in case.
I used #lastpass, saw the news that a password manager had been hacked and thought... If Lastpass is the one with the most users, it is the one people are most likely to try to hack. I started looking for a reliable and secure, but less popular, alternative.
I found #bitwarden, changed all my passwords again, and moved to this wonderful service.
A month later lastpass gets hacked; luckily I had deleted my account with all its data, and I was already comfortable with bitwarden.
My paranoia kicked in again, I started seeing news about password manager hacks and said... I have to find an offline alternative, the cloud is no longer safe.
I moved to #Keepass, and not two weeks went by before I heard about the bitwarden hack.
I currently use Keepass offline and sync my devices with #syncthing.
Now, how did I experience it?
Like this...
I was the protagonist of Indiana Jones escaping from a cave with my precious data, while everything behind me was collapsing XD
#passwords #browser #hack #google #firefox #LastPass #bitwarden #keepass #syncthing
Maybe…. Maybe you should sit this one out, #lastpass 👀
#LastPass #databreach #security
Referenced link: https://proton.me/blog/check-if-email-leaked?ref=instantsearch.
Originally posted by Proton Mail / @ProtonMail@twitter.com: https://twitter.com/ProtonMail/status/1642928132515676168#m
R to @ProtonMail: For a recent example of a #databreach look no further than the one at #LastPass: https://proton.me/blog/lessons-from-lastpass?ref=instantsearch.
Learn more about @haveibeenpwned and how it can help here: https://proton.me/blog/check-if-email-leaked?ref=instantsearch. (2/6)
Referenced link: https://thehackernews.com/2023/03/lastpass-hack-engineers-failure-to.html
Originally posted by Proton Mail / @ProtonMail@twitter.com: https://twitter.com/SimpleLogin/status/1633862974762029058#m
RT by @ProtonMail: We recommend you change the email addresses you used for your accounts stored on #LastPass, and replace them with SimpleLogin aliases. This way, even if some accounts were compromised, you don't need to change your main email address too.
https://thehackernews.com/2023/03/lastpass-hack-engineers-failure-to.html
sucks to be working for #LastPass right now, but if you’re still using this company, please use something else - this is awful
https://www.securityweek.com/lastpass-says-devops-engineer-home-computer-hacked/
I have been using #LastPass as my password manager for a while. But now that my subscription is running out, I've been wondering: which password managers do you use and why, #mastodontes? I currently pay almost €35 a year for the service. Is it worth switching managers, or should I stay where I am?
Referenced link: https://www.darkreading.com/application-security/goto-encrypted-backups-stolen-lastpass-breach
Originally posted by DarkReading / @DarkReading@twitter.com: https://twitter.com/DarkReading/status/1618601624406233096#m
More fallout from the LastPass breach: GoTo says encrypted backups for several of its tools, including Central, Pro, http://join.me/, Hamachi, and RemotelyAnywhere, were exfiltrated, along with some encryption keys. https://www.darkreading.com/application-security/goto-encrypted-backups-stolen-lastpass-breach #LastPass
I understand that #LastPass was breached pretty bad. I get it!
What I don't get is the absolute hatred for the company all of a sudden and ever since the #breach
I did the necessary and not only regenerated the entropy, but changed my master pass and every single pass in my database. Which re-encrypted everything
I am not changing vendors just because they were breached and I'm not going to speak negatively either. It serves no purpose to do that and makes you look like a weenie when you do.
7/ If you were using LastPass Authenticator for 2FA, you should check if you had cloud backup enabled. If you had it enabled, suggest resetting your 2FA codes as well for your sites.
https://support.lastpass.com/help/how-do-i-enable-cloud-backup-for-the-lastpass-authenticator-app
this is a great breakdown of LastPass's very misleading public statement about their data being leaked
https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/
it feels like these dishonest, misleading, arse-covering PR statements are par for the course these days, when you're a big tech company caught doing something shitty
Well that's a fun piece of #security to consider in cloud data storage:
Google SEO Advice Around #LastPass Security Breach
https://www.seroundtable.com/google-seo-advice-around-lastpass-security-breach-34626.html
If someone has access to your email, they can revert your lastpass account to a previous vault & password. They can do this without any additional authentication, 2FAC etc.
Though the feature was intended for the case where you changed your password and forgot the new one, it can be used by a malicious actor.
You may want to check this page to see if your account has this feature enabled (enabled by default). It can be disabled in advanced settings.
Every password manager will be hacked at some point. Lastpass's disclosure etc is to be commended so we know what happened. Saying that they are rubbish isn't helpful as it deters reporting of attacks. Correct me - am I misunderstanding? (no proper knowledge of IT security) #lastpass #lastpasshack
It seems Lastpass was hacked a while ago and a lot of user data was stolen. At first they said no, but with each new update they admit more and more things that were stolen. It doesn't look good.
I am migrating my accounts elsewhere, but I have more than 200 accounts stored there. I have been a user for almost 12 years.
Are there any LastPass users here?
"The online password manager service LastPass admits that, during the break-in into a third-party provider's cloud system, unauthorized parties did have access to customer data after all. This includes, among other things, e-mail addresses and passwords. Much of the data is said to be encrypted, however."
The key word in the last sentence seems to me to be "is said to be". Tip: check all accounts and, above all, set new passwords.
#security #passwordmanager #LastPass #hacker
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
If you use #lastpass as your password manager:
1) Reset/change your master password asap. Use a long password that is hard to guess.
2) Reset/change your passwords for all your email, bank accounts.
3) Keep an eye on suspicious emails, and don't paste your master password anywhere.
Stay safe everyone