Thanks to #LastPassHack I finally migrated my passwords from #lastpass to #1password and updated/altered most of them. Liking it so far. Especially the break down and color coding of password characters. Lastpass made me deliberately avoid using upper case i and lower case L, or letter O versus zero etc. I liked Lastpass for the longest time but now I think it's fallen off the rails.

So we were already switching away even before that 🤷‍♂️

#lastpass #logmein #security #LastPassHack #LastPassBreach

https://www.theverge.com/2023/1/24/23569109/goto-hack-lastpass-breach-encrypted-backups-key

After being a #LastPass user for around 10 years, I've shifted over to #1password due to the shameful way they handled the #LastPassHack and it's superior product by far. Should have done this ages ago.

@leo #SecurityNow #LastpassHack #LastPassBreach
People complain that it's tedious to change all passwords because it's different on all websites?

Try deleting your account. Rarely is that something you can achieve without getting into lengthy email battles with their support. And more often than not it takes ages to even reach a human.

#privacy #rant

Episode 144 of #BreakingBadness is now available. This week @ColonelPanic speaks with CISO @danonsecurity and #SecOps Engineer @neurovagrant on the #LastPassHack. Tune in for their thoughts and recommendations here: https://www.domaintools.com/resources/podcasts/144-lastpass-on-the-left?utm_source=Social&utm_medium=Mastodon&utm_campaign=Breaking-Badness

📬 Lesetipps: BMW und die versteckten Abogebühren, Adobe trainiert KI auf eure Kosten
#Datenschutz #Empfehlungen #Gaming #Hacking #Internet #KünstlicheIntelligenz #Kurios #Kurznotiert #Lesetipps #Linux #PodcastsundVideos #RetroComputing #adobe #applewatch #Ausweiszwang #BMW #CCC #Disney+ #EvaKaili #Korruption #LastPassHack #PatrickBreyer #Scam #Sicherheitslücken #Siri #StefanundSven #WhatsApp #Zeroday https://tarnkappe.info/lesetipps/lesetipps-bmw-und-die-versteckten-abogebuehren-adobe-trainiert-ki-auf-eure-kosten-262715.html

@Barnacules
Pardon the impertinence, but is “funny” not your often stock in trade…? (Funny haha, rather than funny peculiar).
If anyone sees anything funny peculiar would be more of a concern worth raising.
Good luck with the recovery.

#Hacked #LastPassBreach #LastPassHack #LastPass #Barnacules

What sucks, as a security student and advocate, I tell people that using any password manager is better than nothing... now something like this happens and a lot of us have to explain and re-assure people...

A lot of security people might be taking a hit in their credibility when things like this happen and have to deal with people who are skeptics/doubters to begin with...

#lastpass #LastPassHack #LastPassBreach #cybersecuritynews
https://www.youtube.com/watch?v=SoyYpq4y6XE

I use keepassxc for my password management because I consider it the safest option and to avoid kerfuffles like the #LastPassHack

LastPass soll bei Bekanntgabe des Sicherheitslecks gelogen haben. Ich habe nicht ohne Grund meinen Freunden und Bekannten immer gesagt einen offline Safe zu nutzen. Wer nicht hören will muß eben fühlen. #LastPassHack #datenschutz

https://winfuture.de/news,133810.html

I see so many talking about the #LastPassHack and never see anyone mention #enpass as an alternative. I’ve been using #enpass for a few years and have totally loved it.

https://www.youtube.com/watch?v=SciDoKHTKa8
TL;DR
1. 小心釣魚攻擊，特別是公司用戶，因為駭客取得了所有 metadata，包含公司 email、公司用什麼服務、公司帳單資訊、ip 等等。

2. 請改密碼，因為密碼 vault 也被拿走了，雖然有加密，但如果 master password 很爛（e.g. qwer123）大概也會被破解。
#lastpasshack

Just wow. #LastPassHack #LastPassBreach https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/ (via @stepri)

"Problems With Passphrases
To say it one more time: Your passphrases need to be randomly generated! (As well as your passwords, of course.) Do not generate your own “good” passphrase by just looking around in the room you are sitting in and concatenating the things you see to generate a passphrase."
SOURCE: https://weberblog.net/password-strengthentropy-characters-vs-words/

#password #passphrase #passwords #passwordmanager #lastpass #LastpassHack #infosec

📬 Lesetipps: Das Problem mit der Datenlieferkette und ein unsicherer Linux-Desktop
#Cyberangriff #DarkCommerce #Datenschutz #Deepweb #Gaming #Hacking #Internet #Kurios #Lesetipps #Linux #Malware #PodcastsundVideos #ReverseEngineering #CCC #Continental #Jahresrückblick #Kindesmissbrauch #LastPassHack #LinuxSicherheit #Spionage #truecrime #Twitter #Überwachung #windows https://tarnkappe.info/lesetipps/lesetipps-das-problem-mit-der-datenlieferkette-und-ein-unsicherer-linux-desktop-261487.html

Worst case scenario for the #LastPassHack:

1. Website developers save server passwords in LastPass.
2. Those developers are storing their user's passwords insecurely on their servers.
3. Ergo, all of THOSE passwords are compromised.

How many devs were using LastPass?? 😳

Very much enjoying spending xmas eve closing the barn door and preparing to move the whole menagerie to a different farm. #LastPassHack

"Forbes is the self consciousness of the bourgeois class" - TGoTJ

Major #password manager - #HACKED! I stayed up late last night changing passwords to "GFY" and then deleting their entries in lastpass. Because I migrated to #bitwarden already, but did not entirely delete my #lastpass

https://www.forbes.com/sites/daveywinder/2022/12/23/lastpass-password-vaults-stolen-by-hackers-change-your-master-password-now/?sh=1b68b0024461

#LastPassBreach #lastpasshack

I would suggest to update every account password which had information stored in #lastpass

#LastPassHack #lastpassbreach22

Ok, I was tired of rumors speculating about which #LastPass fields appear to be encrypted client-side before being sent to LastPass, so I ran some tests of my own.

For a basic "Password" item, here is what I can tell so far.

When saving the item, the following primary fields are transmitted encrypted:

• Name
• Extra (Notes field)
• Username
• Password
• TOTP (not in this screenshot, but did test)

However, I also observed the following fields having a cleartext (hex) version in the payload as well:

• Name
• Username
• URL
• Folder Name (not hex)

So in other words, there is more than just the URL being transmitted to LastPass in the clear, which makes sense because LastPass' Admin console reveals login activity for all users which includes Name, Username, and URL of the login event; so naturally, these things must be transmitted and kept server-side outside of the vault. However, this once again does go against their "zero-knowledge of anything in your vault" marketing...

Screenshots of this test below. I have omitted the encrypted data to prevent revealing enough for a "Known Plaintext Attack" to derive a key, but the relevant pieces are visible.

If I am missing anything here, do let me know.

#LastPassHack #LastPassBreach