Etern4l Posted December 25, 2022 Share Posted December 25, 2022 LastPass users: Your info and password vault data are now in hackers’ hands 1 "We're rushing towards a cliff, but the closer we get, the more scenic the views are." -- Max Tegmark AI: Major Emerging Existential Threat To Humanity Link to comment Share on other sites More sharing options...
Azther Posted January 3, 2023 Share Posted January 3, 2023 On 12/25/2022 at 4:12 PM, Etern4l said: LastPass users: Your info and password vault data are now in hackers’ hands And people thought i was being overly paranoid for using KeePassXC instead for an offline portable solution lol, sad that this has occurred but on the other hand glad i decided to go the offline route. 3 Alienware M18X R2 | Nebula Red | i7 3740QM [OC'd to 4Ghz] | 32GB RAM | NVIDIA Quadro P4000 | 75hz OC'd Display | MXM to NVMe Adapter with Samsung 970 Evo Plus 2TB Alienware 17 R4 | i7 6700HQ | 16GB RAM | GTX 1070 | 100hz OC'd LG 1080p Display Alienware M18X R1 | Space Black | i7 2960XM | 16GB RAM | GTX 780M Link to comment Share on other sites More sharing options...
jaybee83 Posted January 3, 2023 Share Posted January 3, 2023 11 hours ago, Azther said: And people thought i was being overly paranoid for using KeePassXC instead for an offline portable solution lol, sad that this has occurred but on the other hand glad i decided to go the offline route. absolutely best route to go! especially for such a simple app, u dont need to take every shitty lil thing online these days, geez... 2 1 Mine: Hyperion "Titan God of Heat, Heavenly Light, Power" (2022-24) AMD Ryzen 9 7950X (custom TG IHS) / Asus ROG Crosshair X670E Extreme / MSI Geforce RTX 4090 Suprim X / Teamgroup T-Force Delta RGB DDR5-8200 2x24 GB / Seagate Firecuda 530 4 TB / 5x Samsung 860 Evo 4 TB / Arctic Liquid Freezer II 420 (Push/Pull 6x Noctua NF-A14 IndustrialPPC-3000 intake) / Seasonic TX-1600 W Titanium / Phanteks Enthoo Pro 2 TG (3x Arctic P12 A-RGB intake / 4x Arctic P14 A-RGB exhaust / 1x Arctic P14 A-RGB RAM cooling) / Samsung Odyssey Neo G8 32" 4K 240 Hz / Ducky One 3 Daybreak Fullsize Cherry MX Brown / Corsair M65 Ultra RGB / PDP Afterglow Wave Black My Lady's: Clevo NH55JNNQ "Alfred" (2022-24) Sharp LQ156M1JW03 FHD matte 15.6" IGZO 8 bit @248 Hz / Intel Core i5 12600 / Nvidia Geforce RTX 3070 Ti / Mushkin Redline DDR4-3200 2x32 GB / Samsung 970 Pro 1 TB / Samsung 870 QVO 8 TB / Intel AX201 WIFI 6+BT 5.2 / Win 11 Pro Phoenix Lite OS / 230 W PSU powered by Prema Mod! Link to comment Share on other sites More sharing options...
electrosoft Posted January 3, 2023 Share Posted January 3, 2023 18 hours ago, Azther said: And people thought i was being overly paranoid for using KeePassXC instead for an offline portable solution lol, sad that this has occurred but on the other hand glad i decided to go the offline route. 7 hours ago, jaybee83 said: absolutely best route to go! especially for such a simple app, u dont need to take every shitty lil thing online these days, geez... Yep, I use no online keychain anything even Apple. As much as I love my iphone/ipad, I keep everything external and portable. Keeping anything like this in a cloud based service is just asking to be compromised. Once compromised, all your information is open for the taking. 1 1 1 Electrosoft Prime: 7950X3D | MSI X670E Carbon | MSI Suprim X Liquid 4090 | AC LF II 420 | G.Skill 6000 A-Die 2x32GB | Samsung 990 Pro 2TB | EVGA 1600w P2 | Phanteks Ethroo Pro | Alienware AW3225QF 32" OLED Eurocom Raptor X15 | 12900k | Nvidia RTX 3070ti | 15.6" 1080p 240hz | Kingston 3200 32GB (2x16GB) | Samsung 980 Pro 1TB Heatsink Edition Heath: i9-12900k | EVGA CLC 280 | Asus Strix Z690 D4 | Asus Strix 3080 | 32GB DDR4 2x16GB B-Die 4000 | WD Black SN850 512GB | EVGA DG-77 | Samsung G7 32" 144hz 32" MelMel: (Retrofit currently in progress) Link to comment Share on other sites More sharing options...
Papusan Posted March 1, 2023 Share Posted March 1, 2023 Yep, LastPass play Russian roulette with your security. On top they want that you pay for it. What a great deal. They should offer their services for free the next one or two years for already paying customers. This if they still want their services. The latest LastPass fail came from an employee’s home PC A key component of the 2022 hack was an employee's home computer that was running vulnerable third-party software. "The Killer" ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors | Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel Link to comment Share on other sites More sharing options...
Papusan Posted March 5, 2023 Share Posted March 5, 2023 LastPass Employee Could've Prevented Hack With a Software Update pcmag.com The hacker exploited a vulnerability in the Plex Media Server software that was patched in May 2020. 'The version that addressed this exploit was roughly 75 versions ago,' Plex says. "The Killer" ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors | Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel Link to comment Share on other sites More sharing options...
Sandy Bridge Posted March 9, 2023 Share Posted March 9, 2023 I didn't really understand just how bad LastPass's security practices were until reading this post on Mastodon from a Yahoo! security engineer. It's a bit long and a bit technical, even as a professional developer with some interest in security, but he's not kidding when he says they committed essentially every crypto 101 sin. Roll their own crypto... use outdated encraption rather than modern encryption... store the entire vault unencrypted in memory... tracking all the sites you log in to... I could go on (and the Yahoo! guy does), but it makes you wonder what they spent all their revenue on to have so many flaws. Meanwhile, KeePass, which doesn't have a revenue model, has none of those flaws, and not just because it's offline but because it's designed with security in mind. It sounds like 1Password and BitWarden are significantly better-designed as well. Maybe LastPass was always just an service that had a good user interface and the idea of only having to know one password, but they never really did know anything/care about security? Now the question is, will it do enough reputational/financial damage to make a difference? Will the tech press stop recommending LastPass, or even call out "whatever you use, don't use LastPass?" I'm skeptical. It wasn't until I read the Yahoo! guy's post that I realized how bad the rot goes, so how's the average person going to realize it's a house of cards? Though there is a class action lawsuit about it now, so that's something... Edit: There's also a great breakdown by a Polish guy that's not as technical as the Yahoo! one but still does a great job of conveying why this is a big deal. One of the takeways is the longer you've been a LastPass user, the easier your database is to crack! Not a good way to reward their customers! 1 Desktop: Core i5 2500k "Sandy Bridge" | RX 480 | 32 GB DDR3 | 1 TB 850 Evo + 512 GB NVME + HDDs | Seasonic 650W | Noctua Fans | 8.1 Pro Laptop: MSI Alpha 15 | Ryzen 5800H | Radeon 6600M | 64 GB DDR4 | 4 TB TLC SSD | 10 Home Laptop history: MSI GL63 (2018) | HP EliteBook 8740w (acq. 2014) | Dell Inspiron 1520 (2007) Link to comment Share on other sites More sharing options...
Papusan Posted September 28, 2023 Share Posted September 28, 2023 And it continues..... Pay Attention: Hackers Are Targeting LastPass Users With Phishing Emails pcmag.com | Sept 26, 2023 If you’re a LastPass user, be on guard for phishing emails in your inbox. Hackers are launching waves of malicious messages impersonating the password manager. LastPass this week warned users about the threat, saying the first wave of phishing emails began on Sept. 13. “Our customers began reporting a pervasive and convincing phishing campaign. The campaign had global reach and targeted a variety of sectors, including 87 of our own employees,” the company wrote in a blog post. "The Killer" ASUS ROG Z790 Apex Encore | 14900KS | 4090 HOF + 20 other graphics cards | 32GB DDR5 | Be Quiet! Dark Power Pro 12 - 1500 Watt | Second PSU - Cooler Master V750 SFX Gold 750W (For total of 2250W Power) | Corsair Obsidian 1000D | Custom Cooling | Asus ROG Strix XG27AQ 27" Monitors | Papusan @ HWBOT | Team PremaMod @ HWBOT | Papusan @ YouTube Channel Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now