Actually laughed out loud at the email from LastPass with the subject line "Cybersecurity starts with you." #LastPassHack

Sequência com informação essencial sobre #LastPassHack #LastPass (em inglês)

@BleepingComputer https://infosec.exchange/@BleepingComputer/109948929028067133

The company published new details about a disastrous breach in which hackers stole customers' vaults. It's time to switch.
https://www.vice.com/en/article/xgye3k/lastpass-shouldnt-be-trusted-with-your-passwords
#CYBER #LastPassBreach #LastPassHack #worldnews #hacks #passwordmanagers #Breach

#cybersecurity #lastpass #LastPassHack
LastPass: DevOps engineer hacked to steal password vault data in 2022 breach
https://www.bleepingcomputer.com/news/security/lastpass-devops-engineer-hacked-to-steal-password-vault-data-in-2022-breach/

@Haste

Will this be the end of #Lastpass? Is anyone still using it? I was actually one of those hardcore fans that paid when they changed the pricing-tiers, but due to it being closed source and me still seeing ads showing that I was tracked, I realised it was them so a switched to #BitWarden. Since then, all #ads are irrelevant to me.

#tech #infosec #security #hacking #hack #Lastpass #LastpassHack #Bitwarden #PasswordManager

@Techmeme

http://www.techmeme.com/230227/p30#a230227p30

It was through their home computer and a keylogger due to a known remote code execution exploit.

Again, very weird how they knew to target this person and where. These guys were watched.

#godaddy #Lastpass #lastpasshack #Hack #hacking #breach

@Techmeme

https://www.bleepingcomputer.com/news/security/lastpass-devops-engineer-hacked-to-steal-password-vault-data-in-2022-breach

"As only four LastPass DevOps engineers had access to these decryption keys, the threat actor targeted one of the engineers. Ultimately, the hackers successfully installed a keylogger on the employee's device by exploiting a remote code execution vulnerability in a third-party media software package."

It's crazy how they knew to target these 4 individuals. I would love to know how they figured it out. Both this and the #GoDaddy hacks were very intricate

#Lastpass #LastpassHack #Hack #Hacking #Breach

Straks Last Pass vervangen door Bitwarden. De laatste info over LP is toch niet zo geruststellend. #lastpasshack

The Register: For password protection, dump LastPass for open source Bitwarden.
https://www.theregister.com/2023/01/16/dump_lastpass_bitwarden/
#lastpass
#lastpasshack
#bitwarden

First LastPass, now Slack and CircleCI. The hacks go on (and will likely worsen)
Don't expect victims to be forthcoming. Their alerts conceal more than they reveal.

https://trib.al/VnSblC8

#lastpass #slack #circleci #infosec #technology #hacks #hacked #hacker #cybersec #security #cybersecurity #lastpasshack

@ct_bergstrom @bxchen The Verge covers it well: https://www.theverge.com/2022/12/28/23529547/lastpass-vault-breach-disclosure-encryption-cybersecurity-rebuttal

#LastPass #LastPassBreach #LastPassHack are all good hashtags for more info/opinions by infosec experts.

It will re-encrypt your master password with the new number of iterations and then re-encrypt your vault (well, the parts that are encrypted, such as passwords, but not the parts that LastPass stores in cleartext, like email addresses and URLs) using the new key. You should probably change your actual password as well.

#security #LastPass #LastPassHack

I have a lot of passwords stored on #LastPass, so I don't feel ready quite yet to migrate all my passwords to 1Password (which I use for work). So an easy thing I've done to upgrade the security on my LastPass vault is to change the number of PBKDF2 iterations on my master password from 100,100 (the LastPass default) to 310,000 (the current OWASP recommendation). To do this, go to your account settings, click "Show Advanced Settings", and scroll down. 🧵

#security #LastPassHack

@Mikal Its not so much _your_ password that counts when the DJI data vault gets hacked, despite their glib assurances of "security", b/c then all you can do is reset your pwd again (and again). Assuming they detected the breach.

If you have not already done it, use https://HaveIBeenPwned.com to see where your emails/phones show up in hacks.

I was reading about the #LastPass #LastPassBreach #LastPassHack and decided since my vault had been exposed, even tho' encrypted, that since LastPass didn;t reveal all details, they aren't to be trusted, so I switched pw managers to another popular one.

Glad I swapped all my passwords into a local/offline password manager considering the latest data breach. #lastpass #LastPassHack

A good reminder for when your are updating/creating your passwords #LastPassHack

Hey @Bitwarden, As a user, I want to know that kind a steps has been taken to prevent a data breach similar to LastPass had?

#Bitwarden #lastpasshack

I think this is the beginning of the end of #Lastpass, they will forever be known as one of the originals and innovators of the space. But you either die the hero or live long enough to see yourself become the villian. #lastpasshack #lastpassbreach22 #lastpassdatabreach .

Time to switch to #BitWarden or #1password

https://www.wired.com/story/lastpass-breach-vaults-password-managers/

#Krisenkommunikation a la #lastpass #lastpasshack
https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/

After the recent #lastpasshack I decided to host my own local #vaultwarden at home. I just have too many passwords to remember, and I need access from remote locations as well, so this is hopefully a both safe and convenient solution.