LastPass vaults leaked to hackers

fuzzylumpkin

Well-known member
LastPass have been acting weird for a few months now. Never liked the idea of a company having a backup of my password vault anyway.
 

mustang7757

Super Moderator
Moderator
Looks like everyone is vulnerable to hacks. Don't use them, only Google and Samsung, but it can happen to any one of them.
 

B. Diddy

Senior Ambassador
Moderator
Grrr, I changed my master password for now. Will be looking into changing to something else when I have more time to look into it, like 1Password or Bitwarden ...
 

me just saying

Well-known member
I used to use LastPass but swapped to Bitwarden a couple of years ago. They are very similar. That said, I have to use a manager. I just hope LastPass completely deletes accounts of users who cancel their service. Otherwise it could be a real mess for users and former users. Also, in this case, changing master password may not prevent exposure since it seems the hackers got a copy of the vault and have plenty of time to brute force accounts. May have to change all the passwords for saved accounts.
 

fuzzylumpkin

Well-known member
I used to use LastPass but swapped to Bitwarden a couple of years ago. They are very similar. That said, I have to use a manager. I just hope LastPass completely deletes accounts of users who cancel their service. Otherwise it could be a real mess for users and former users. Also, in this case, changing master password may not prevent exposure since it seems the hackers got a copy of the vault and have plenty of time to brute force accounts. May have to change all the passwords for saved accounts.

You are correct, changing the master password won't do anything as the master password will always be the same on the key files that were exfiltrated. People will need to change all of the passwords that were stored in their LastPass vaults.
 

Mooncatt

Ambassador
That said, I have to use a manager. I just hope LastPass completely deletes accounts of users who cancel their service.

Pretty sure they do. As to the issue at hand, here's their update from a couple days ago.

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

Long story short, as long as you use a strong master password and follow their default settings, it would take "millions of years" to guess it. I have taken issue with them on something else in the past, but I trust that statement on this one. From what I've seen and understand of their encryption, even a group like the NSA would have trouble breaking into a user's vault without the master password. A couple of extra points to note:

- It's recommended to change your passwords about every 6 months or so.

- They do caution of possible phishing attempts for your master password based on data obtained from other breaches not related to this one.

So while it could be recommended to change your passwords for this, it's something you would already be doing anyway if you really cared that much about your security. If you don't, it's a risk you're already accepting. Phishing is a constant threat, which we should all be on the lookout for anyway. Thus, this is not some "sky is falling" announcement in my opinion. It's important to know, but I'm not getting super worked up about it.
 
