Forums
New posts
Search forums
News
Security News
Technology News
Giveaways
Giveaways, Promotions and Contests
Discounts & Deals
Reviews
Users Reviews
Video Reviews
Support
Windows Malware Removal Help & Support
Inactive Support Threads
Mac Malware Removal Help & Support
Mobile Malware Removal Help & Support
Blog
Log in
Register
What's new
Search
Search titles only
By:
Search titles only
By:
Reply to thread
Menu
Install the app
Install
JavaScript is disabled. For a better experience, please enable JavaScript in your browser before proceeding.
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an
alternative browser
.
Forums
Software
General Apps
Privacy and encryption
Lastpass says hackers accessed customer data in new breach
Message
<blockquote data-quote="Stopspying" data-source="post: 1018159" data-attributes="member: 69368"><p>I missed this post from Dec 28th but I think it is still worth highlighting here more detail about the failings of Lastpass - </p><p></p><p>"LastPass has been breached, data has been stolen. I already <a href="https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/" target="_blank">pointed out</a> that their official statement is misleading. I also explained that <a href="https://palant.info/2022/12/23/lastpass-has-been-breached-what-now/" target="_blank">decrypting passwords in the stolen data is possible</a> which doesn’t mean however that everybody is at risk now. For assessing whether you are at risk, a fairly hidden setting turned out critical: password iterations.</p><p>LastPass provides <a href="https://support.lastpass.com/help/how-do-i-change-my-password-iterations-for-lastpass" target="_blank">an instruction to check this setting</a>. One would expect it to be 100,100 (the LastPass default) for almost everyone. But plenty of people report having 5,000 configured there, some 500 and occasionally it’s even 1 (in words: one) iteration.</p><p></p><p>Let’s say this up front: this isn’t the account holders’ fault. It rather is a massive failure by LastPass. They have been warned, yet they failed to act. And even now they are failing to warn the users who they know are at risk...."</p><p>[URL unfurl="true"]https://palant.info/2022/12/28/lastpass-breach-the-significance-of-these-password-iterations/[/URL]</p><p></p><p></p><p>[URL unfurl="true"]https://www.malwarebytes.com/blog/news/2023/01/lastpass-updates-security-notice-with-information-about-a-recent-incident[/URL]</p></blockquote><p></p>
[QUOTE="Stopspying, post: 1018159, member: 69368"] I missed this post from Dec 28th but I think it is still worth highlighting here more detail about the failings of Lastpass - "LastPass has been breached, data has been stolen. I already [URL='https://palant.info/2022/12/26/whats-in-a-pr-statement-lastpass-breach-explained/']pointed out[/URL] that their official statement is misleading. I also explained that [URL='https://palant.info/2022/12/23/lastpass-has-been-breached-what-now/']decrypting passwords in the stolen data is possible[/URL] which doesn’t mean however that everybody is at risk now. For assessing whether you are at risk, a fairly hidden setting turned out critical: password iterations. LastPass provides [URL='https://support.lastpass.com/help/how-do-i-change-my-password-iterations-for-lastpass']an instruction to check this setting[/URL]. One would expect it to be 100,100 (the LastPass default) for almost everyone. But plenty of people report having 5,000 configured there, some 500 and occasionally it’s even 1 (in words: one) iteration. Let’s say this up front: this isn’t the account holders’ fault. It rather is a massive failure by LastPass. They have been warned, yet they failed to act. And even now they are failing to warn the users who they know are at risk...." [URL unfurl="true"]https://palant.info/2022/12/28/lastpass-breach-the-significance-of-these-password-iterations/[/URL] [URL unfurl="true"]https://www.malwarebytes.com/blog/news/2023/01/lastpass-updates-security-notice-with-information-about-a-recent-incident[/URL] [/QUOTE]
Insert quotes…
Verification
Post reply
Top
