Really disappointed in LastPass with their lack of transparency and lack of full data encryption for a service I paid money for. Looking at alternatives between 1Password and Bitwarden but having to change all my passwords is still a pain I shouldn't have to deal with.
Happy Hump-day!
Excited to toot away into the void as a catalogue of my technology-adjacent thoughts.
Currently my big tech focus is migrating from #Lastpass due to the recent #lastpassbreach22 and am highly considering 1password but if anyone has any recommendations I'm all ears. Maybe I switch my life over to the proton ecosystem of security?
Any and all replies welcome.
I'm giving #BitWarden a try after the #lastpassbreach22 - if anybody has any suggestions for how to handle sharing with my spouse or getting my elderly parents onboarded, I would appreciate it.
Right now I'm thinking that I do a family plan and have an organization for the "Brian and Spouse Shared" passwords (utilities etc), and one for "Brian's parents' shared" where my mom and dad can put their stuff - debating self-hosting eventually, maybe in AWS?
I think this is the beginning of the end of #Lastpass, they will forever be known as one of the originals and innovators of the space. But you either die the hero or live long enough to see yourself become the villain. #lastpasshack #lastpassbreach22 #lastpassdatabreach
Time to switch to #BitWarden or #1password
https://www.wired.com/story/lastpass-breach-vaults-password-managers/
#Lastpass #lastpasshack #lastpassbreach22 #lastpassdatabreach #BitWarden #1password
I would suggest updating every account password which had information stored in #lastpass
#lastpassbreach22 #LastPassHack #lastpass
I was a LastPass customer for years, but I moved to BitWarden a while back, and deleted my LastPass account. However, I'm still changing passwords for vital services after the breach news because companies don't like to delete data. This is perhaps overly paranoid, but it only took a few minutes. #lastpassbreach22 #security
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/amp/ this will be this year’s Christmas log4j for a few companies at least, unfortunately for the poor choice that they made #lastpassbreach22 #Lastpass #lastpasshack
...is a bit like being told, "Your money is secure!" even as you yourself are being carried off by kidnappers.
This, from a company whose *one job* is to keep this PII and financial information safely secured, I find to be exceptionally troubling.
/Fin
That data can be used to social-engineer attacks against banks, credit cards, etc.
I'm not just talking about phishing here, although that's also definitely something to be aware of.
I'm thinking more of someone calling up the bank or the credit card company and using that information to get the human at the other end of the line to let them in. Humans are the weak link here.
And being told, "Your credit card information is secure!" when your PII has been stolen...
2/
#LastPass had a security breach in December that has turned out to be much, much worse than initially claimed. (Thank you ArsTechnica for the detailed report. https://geeknews.chat/@arstechnica/109561070690021534)
What's most upsetting to me is that they are saying, "Oh, it's OK, there's no way that the hackers can get your credit card numbers."
But the breach disclosed data like usernames, IPs, home addresses, that were being stored unencrypted for some reason. (Cache disk? It's unclear.)
1/
It's sad to hear that #lastpass was so careless with users' data. I used to use them before I moved over to @bitwarden, which has been flawless for me. I would highly recommend it and it has an easy import from lastpass.
#lastpassbreach22
“The attacker gained access to Lastpass' cloud storage using ‘cloud storage access key and dual storage container decryption keys’ stolen from its developer environment.” #lastpass #LastPassHack #lastpassbreach22
https://www.bleepingcomputer.com/news/security/lastpass-hackers-stole-customer-vault-data-in-cloud-storage-breach/
✨ LastPass users: Your info and password vault data are now in hackers’ hands
👉 Be extra alert for phishing emails and phone calls purportedly from LastPass or others
👉 "would take millions of years to guess your master password using generally-available password-cracking technology." Quote from LastPass 🤔
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
#infosec #LastPassHack #lastpass #lastpassbreach22 #hackingincidents #threatintel
Happy annual LastPass breach day to all those who celebrate!
And if you’re looking for a real password manager, 1Password is just some of the best software I’ve used generally.