News LastPass developer systems hacked to steal source code

UsandThem

Elite Member
May 4, 2000
https://www.bleepingcomputer.com/ne...eveloper-systems-hacked-to-steal-source-code/

After sending questions about the attack, LastPass released a security advisory today confirming that it was breached through a compromised developer account that hackers used to access the company's developer environment.

While LastPass says there is no evidence that customer data or encrypted password vaults were compromised, the threat actors did steal portions of their source code and "proprietary LastPass technical information."

Still, I changed my master password just to be safe, and I already had 2-factor security enabled in my profile before this latest breach.
 

mxnerd

Diamond Member
Jul 6, 2007
That's a huge embarrassment.

LastPass is one of the largest password management companies in the world, claiming to be used by over 33 million people and 100,000 businesses.
 

balloonshark

Diamond Member
Jun 5, 2008
How many breaches have they had over the years? At this point, if you're still using LastPass it's shame on you. (Not directed at the OP.) I also don't understand why someone would trade their security for the convenience of being able to access their passwords from the cloud.

However, LastPass stores passwords in 'encrypted vaults' that can only be decrypted using a customer's master password, which LastPass says was not compromised in this cyberattack.

Last year, LastPass suffered a credential stuffing attack that allowed threat actors to confirm a user's master password. It was also revealed that LastPass master passwords were stolen by threat actors distributing the RedLine password-stealing malware.

Due to this, it is vital to enable multi-factor authentication on your LastPass accounts so that threat actors won't be able to access your account even if your password is compromised.
 

UsandThem

Elite Member
May 4, 2000
After this latest compromise, I will be looking for another password manager. I've always had 2-factor authentication, and an authentication app enabled to be more secure.

I make sure to use different usernames and long passwords for all the different websites, so it's not so much of it being a convenience, but a necessity in generating and remembering all the logins.

I've used a couple of different managers over the 20 years of doing this, and LastPass has really been the only one with multiple breaches. I know anything that is connected to the internet will eventually be breached at some point, but some companies are much more progressive in their prevention (not looking at you, T-Mobile, Home Depot, Target, Yahoo, etc.) than others.
 

balloonshark

Diamond Member
Jun 5, 2008
I think LastPass is a target because they have so many users. Sort of like IE, Flash, etc. were constant targets. I don't think they've had a breach where the databases were compromised yet.

I've been using KeePass for years since it's open source and a smaller target. I also like that it doesn't store my database online. I think it has the option to store the databases online via Dropbox, Google Drive, OneDrive, etc., plus it has two plugins for online storage or sync if the default method doesn't work with your service.

 

ch33zw1z

Lifer
Nov 4, 2004

Users' data also compromised.

FWIW, I use SafeInCloud.

I never liked the fact that LastPass data was stored on their servers.

I don't use browser plugins either.
 

Ajay

Lifer
Jan 8, 2001

Rats. Just bought LastPass premium (25% off). Dashlane re-up was going to be $80/yr (vs the previous $60).
 

ch33zw1z

Lifer
Nov 4, 2004

Yeah, that's tough.
At this point I have 300+ profiles; even if I wanted to switch it would be very difficult.
 

ringtail

Golden Member
Mar 10, 2012
Does anybody know if KeePass is safer than a password-protected 7Zip file?
After reading up on KeePass it sounds about the same as a 7Zip file with a password, but I can't really tell.
 

ch33zw1z

Lifer
Nov 4, 2004

KeePass DBs are encrypted by default. Don't believe zips are?
 

Ajay

Lifer
Jan 8, 2001
Not related to the above. I wish I had bought Keeper instead of LastPass this go around. It has a good reputation and isn't as big a target for hackers as LastPass is.
Hmm, wonder if I can get a refund??
 

ScottAD

Senior member
Jan 10, 2007
This impacted me recently. I moved from LastPass to Bitwarden years ago, but when I was test driving BW, my password was stored with it in an LP vault... dumb, I know.

I received a notification that my Bitwarden account and my box.com account had been logged in to.

Dumped my vault, kicked all sessions, upped my encryption to 350,000 iterations and then created a new passphrase.

Ran through all my financial accounts and changed those passwords and then social media.

Everything is secured now, and the services I did not use 2FA on all use it now.
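Two points in this thread come down to the same mechanism: ringtail's question of whether a KeePass database is safer than a password-protected 7-Zip archive, and ScottAD raising his Bitwarden KDF setting to 350,000 iterations. In each case a key is derived from the master password, and the protection of a stolen vault file against offline guessing is the password's strength multiplied by the cost of that derivation. The example below is added here and is not code from the thread or from any of the products named. It assumes PBKDF2-HMAC-SHA256 as a representative password-based KDF (this is Bitwarden's default; KeePass uses AES-KDF or Argon2 and 7-Zip an iterated SHA-256, but the principle is the same), and the hardware throughput and keyspace figures are constructed for illustration, not measured.

```python
"""Added example (not from the thread or any product's code).

Shows how the KDF iteration count changes the cost of offline guessing against
a stolen vault. PBKDF2-HMAC-SHA256 is used as a representative password-based
KDF; all throughput and keyspace numbers below are constructed, not measured.
"""
import hashlib
import os
import time


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """Derive a 256-bit vault key from a master password with PBKDF2-HMAC-SHA256.

    The salt must be random and is stored beside the encrypted vault; the
    iteration count is the tunable work factor the thread talks about.
    """
    if iterations < 1:
        raise ValueError("iteration count must be positive")
    if len(salt) < 16:
        raise ValueError("use at least a 128-bit random salt")
    return hashlib.pbkdf2_hmac(
        "sha256", master_password.encode("utf-8"), salt, iterations, dklen=32
    )


def work_factor_increase(old_iterations: int, new_iterations: int) -> float:
    """How much more each password guess costs after raising the iteration count."""
    return new_iterations / old_iterations


def expected_guess_seconds(keyspace: float, iterations: int, hmac_per_second: float) -> float:
    """Expected time for an exhaustive search to hit the password.

    keyspace: number of candidate passwords that have to be tried (assumption:
    the master password's effective strength expressed as a count).
    hmac_per_second: constructed figure for single HMAC-SHA256 computations per
    second on the guessing hardware; each PBKDF2 guess costs `iterations` of
    them. On average half the keyspace is searched before the hit.
    """
    guesses_per_second = hmac_per_second / iterations
    return (keyspace / 2) / guesses_per_second


def measure_derivation_seconds(iterations: int, repeats: int = 3) -> float:
    """Time one derivation locally: the defender's cost of unlocking the vault."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for _ in range(repeats):
        derive_vault_key("correct horse battery staple", salt, iterations)
    return (time.perf_counter() - start) / repeats


if __name__ == "__main__":
    salt = os.urandom(16)
    key = derive_vault_key("correct horse battery staple", salt, 350_000)
    print("vault key:", key.hex())
    print("unlock time at 350,000 iterations: %.3f s" % measure_derivation_seconds(350_000))
    # Constructed scenario: a 40-bit effective keyspace, hardware doing 1e10 HMACs/s.
    for iters in (5_000, 100_000, 350_000):
        days = expected_guess_seconds(2**40, iters, 1e10) / 86_400
        print(f"{iters:>8} iterations -> expected {days:,.1f} days to find the password")
    print("work factor increase 100,000 -> 350,000: %.1fx"
          % work_factor_increase(100_000, 350_000))
```

The unlock delay the user pays once per vault open is the same delay the guesser pays per candidate, which is why raising the iteration count is cheap for the defender and expensive for the attacker; it does not, however, rescue a weak master password, since the keyspace term dominates the estimate.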