More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

  • GreenBottles
    link
    English
    191 year ago

    I’d be willing to bet that people store their key phrases in the notes section in LastPass which was not encrypted at rest

    • @[email protected]
      link
      fedilink
      English
      13
      edit-2
      1 year ago

      I’m sure they were encrypted. But attackers have the vaults and many people have bad passwords. Brute forcing these days is less about trying every combination and more about trying all known leaked passwords, because people reuse passwords like crazy and also just aren’t as original as they think.

      If you have millions of password vaults, I’m sure you can crack open a small number. And the ones you can crack are probably the most likely to not be following best practices, meaning it’s more likely they haven’t changed their passwords since the breach was announced a while back and they probably are less likely to have 2FA. 150 victims is such a tiny number for how many vaults were stolen when LastPass got compromised.

    • @hatchling
      link
      English
      71 year ago

      This is incorrect information. Notes are encrypted, just not their “type”. Unfortunately the most direct source for this is a reddit link, but here it is anyway.

      • GreenBottles
        link
        English
        11 year ago

        okay thanks for that I was going off of an earlier report