LastPass vaults leaked to hackers

fuzzylumpkin

LastPass have been acting weird for a few months now. Never liked the idea of a company having a backup of my password vault anyway.
 

mustang7757

Looks like everyone is vulnerable to hacks. Don't use them, only Google and Samsung, but it can happen to any one of them.
 

B. Diddy

Grrr, I changed my master password for now. Will be looking into changing to something else when I have more time to look into it, like 1Password or Bitwarden ...
 

me just saying

I used to use LastPass but swapped to Bitwarden a couple of years ago. They are very similar. That said, I have to use a manager, I just hope LastPass completely deletes accounts of users who cancel their service. Otherwise it could be a real mess for users and former users. Also, in this case, changing master password may not prevent exposure since it seems the hackers got a copy of the vault and have plenty of time to brute force accounts. May have to change all the passwords for saved accounts.
 

fuzzylumpkin

I used to use LastPass but swapped to Bitwarden a couple of years ago. They are very similar. That said, I have to use a manager, I just hope LastPass completely deletes accounts of users who cancel their service. Otherwise it could be a real mess for users and former users. Also, in this case, changing master password may not prevent exposure since it seems the hackers got a copy of the vault and have plenty of time to brute force accounts. May have to change all the passwords for saved accounts.

You are correct, changing the master password won't do anything as the master password will always be the same on the key files that were exfiltrated. People will need to change all of the passwords that were stored in their LastPass vaults.
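
The point made in the two posts above, as an added example that is not part of any post in this thread and is not LastPass's actual vault format: a copy taken before a master-password change stays bound to the old password. The PBKDF2 iteration count, the toy HMAC-based cipher and all function names are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch, not a figure from the thread

def derive_keys(master_password: str, salt: bytes) -> tuple:
    """Stretch the master password into separate encryption and MAC keys."""
    okm = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS, dklen=64)
    return okm[:32], okm[32:]

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Toy stream cipher (HMAC-SHA256 in counter mode) standing in for a real AEAD.
    stream = b""
    for counter in range(len(data) // 32 + 1):
        stream += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(master_password: str, plaintext: bytes) -> dict:
    """Encrypt and authenticate a vault under keys derived from the master password."""
    salt, nonce = os.urandom(16), os.urandom(16)
    enc_key, mac_key = derive_keys(master_password, salt)
    ct = _xor_stream(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ct": ct, "tag": tag}

def open_vault(master_password: str, blob: dict):
    """Return the plaintext, or None if the password does not match this blob."""
    enc_key, mac_key = derive_keys(master_password, blob["salt"])
    expected = hmac.new(mac_key, blob["nonce"] + blob["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        return None
    return _xor_stream(enc_key, blob["nonce"], blob["ct"])

def simulate_password_change() -> dict:
    """A copy of the vault is taken, then the owner changes the master password."""
    vault = b"example.com: constructed-sample-password"  # constructed sample entry
    server_copy = seal("old master password", vault)
    exfiltrated_copy = dict(server_copy)  # snapshot taken before the change
    server_copy = seal("new master password", vault)  # only the live copy is re-keyed
    return {
        "old_pw_opens_exfiltrated": open_vault("old master password", exfiltrated_copy) == vault,
        "new_pw_opens_exfiltrated": open_vault("new master password", exfiltrated_copy) is not None,
        "old_pw_opens_server": open_vault("old master password", server_copy) is not None,
    }
```

Only the live copy follows the new password; the snapshot still opens with the old one, which is why the stored site passwords themselves have to be rotated.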
 

Mooncatt

That said, I have to use a manager, I just hope LastPass completely deletes accounts of users who cancel their service.

Pretty sure they do. As to the issue at hand, here's their update from a couple days ago.

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/

Long story short, as long as you use a strong master password and follow their default settings, it would take "millions of years" to guess it. I have taken issue with them on something else in the past, but I trust that statement on this one. From what I've seen and understand of their encryption, even a group like the NSA would have trouble breaking into a user's vault without the master password. A couple of extra points to note:

-It's recommended to change your passwords about every 6 months or so.

-They do caution of possible phishing attempts for your master password based on data obtained from other breaches not related to this one.

So while it could be recommended to change your passwords for this, it's something you would already be doing anyway if you really cared that much about your security. If you don't, it's a risk you're already accepting. Phishing is a constant threat, which we should all be on the lookout for anyway. Thus, this is not some "sky is falling" announcement in my opinion. It's important to know, but I'm not getting super worked up about it.
 
