Mastodon

@MulticlassGeek@meow.social has moved to @MulticlassGeek@mas.toActually laughed out loud at the email from LastPass with the subject line "Cybersecurity starts with you." <a href="https://meow.social/tags/LastPassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassHack</a>

Davey 민선Thanks to <a href="https://sfba.social/tags/LastPassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassHack</a> I finally migrated my passwords from <a href="https://sfba.social/tags/lastpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lastpass</a> to <a href="https://sfba.social/tags/1password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#1password</a> and updated/altered most of them. Liking it so far. Especially the break down and color coding of password characters. Lastpass made me deliberately avoid using upper case i and lower case L, or letter O versus zero etc. I liked Lastpass for the longest time but now I think it's fallen off the rails.

MotherboardThe company published new details about a disastrous breach in which hackers stole customers' vaults. It's time to switch. <a href="https://www.vice.com/en/article/xgye3k/lastpass-shouldnt-be-trusted-with-your-passwords" rel="nofollow noopener noreferrer" target="_blank">https://www.vice.com/en/article/xgye3k/lastpass-shouldnt-be-trusted-with-your-passwords</a> <a href="https://federated.press/tags/CYBER" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#CYBER</a> <a href="https://federated.press/tags/LastPassBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassBreach</a> <a href="https://federated.press/tags/LastPassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassHack</a> <a href="https://federated.press/tags/worldnews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#worldnews</a> <a href="https://federated.press/tags/hacks" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacks</a> <a href="https://federated.press/tags/passwordmanagers" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwordmanagers</a> <a href="https://federated.press/tags/Breach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Breach</a>

Stark<a href="https://mastodon.social/@Haste" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Haste</a>Will this be the end of <a href="https://techhub.social/tags/Lastpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lastpass</a>? Is anyone still using it? I was actually one of those hardcore fans that paid when they changed the pricing-tiers, but due to it being closed source and me still seeing ads showing that I was tracked, I realised it was them so a switched to <a href="https://techhub.social/tags/BitWarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BitWarden</a>. Since then, all <a href="https://techhub.social/tags/ads" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#ads</a> are irrelevant to me.<a href="https://techhub.social/tags/tech" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#tech</a> <a href="https://techhub.social/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a> <a href="https://techhub.social/tags/security" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#security</a> <a href="https://techhub.social/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://techhub.social/tags/hack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hack</a> <a href="https://techhub.social/tags/Lastpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lastpass</a> <a href="https://techhub.social/tags/LastpassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastpassHack</a> <a href="https://techhub.social/tags/Bitwarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Bitwarden</a> <a href="https://techhub.social/tags/PasswordManager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#PasswordManager</a>

Stark<a href="https://techhub.social/@Techmeme" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Techmeme</a><a href="http://www.techmeme.com/230227/p30#a230227p30" rel="nofollow noopener noreferrer" target="_blank">http://www.techmeme.com/230227/p30#a230227p30</a>It was through their home computer and a keylogger due to a known remote code execution exploit. Again, very weird how they knew to target this person and where. These guys were watched.<a href="https://techhub.social/tags/godaddy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#godaddy</a> <a href="https://techhub.social/tags/Lastpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lastpass</a> <a href="https://techhub.social/tags/lastpasshack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lastpasshack</a> <a href="https://techhub.social/tags/Hack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hack</a> <a href="https://techhub.social/tags/hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#hacking</a> <a href="https://techhub.social/tags/breach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#breach</a>

Stark<a href="https://techhub.social/@Techmeme" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Techmeme</a><a href="https://www.bleepingcomputer.com/news/security/lastpass-devops-engineer-hacked-to-steal-password-vault-data-in-2022-breach" rel="nofollow noopener noreferrer" target="_blank">https://www.bleepingcomputer.com/news/security/lastpass-devops-engineer-hacked-to-steal-password-vault-data-in-2022-breach</a>"As only four LastPass DevOps engineers had access to these decryption keys, the threat actor targeted one of the engineers. Ultimately, the hackers successfully installed a keylogger on the employee's device by exploiting a remote code execution vulnerability in a third-party media software package."It's crazy how they knew to target these 4 individuals. I would love to know how they figured it out. Both this and the <a href="https://techhub.social/tags/GoDaddy" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#GoDaddy</a> hacks were very intricate <a href="https://techhub.social/tags/Lastpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lastpass</a> <a href="https://techhub.social/tags/LastpassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastpassHack</a> <a href="https://techhub.social/tags/Hack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hack</a> <a href="https://techhub.social/tags/Hacking" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Hacking</a> <a href="https://techhub.social/tags/Breach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Breach</a>

Simon MiglianoAfter being a <a href="https://infosec.exchange/tags/LastPass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPass</a> user for around 10 years, I've shifted over to <a href="https://infosec.exchange/tags/1password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#1password</a> due to the shameful way they handled the <a href="https://infosec.exchange/tags/LastPassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassHack</a> and it's superior product by far. Should have done this ages ago.

Jeroen Herrie :verified:Straks Last Pass vervangen door Bitwarden. De laatste info over LP is toch niet zo geruststellend. <a href="https://mastodon-belgium.be/tags/lastpasshack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lastpasshack</a>

WowbggrThe Register: For password protection, dump LastPass for open source Bitwarden. <a href="https://www.theregister.com/2023/01/16/dump_lastpass_bitwarden/" rel="nofollow noopener noreferrer" target="_blank">https://www.theregister.com/2023/01/16/dump_lastpass_bitwarden/</a> <a href="https://mastodon.org.uk/tags/lastpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lastpass</a> <a href="https://mastodon.org.uk/tags/lastpasshack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lastpasshack</a> <a href="https://mastodon.org.uk/tags/bitwarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bitwarden</a>

boojitBeen working with the <a href="https://mastodon.pundo.com/tags/LastPass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPass</a> tool that Steve Gibson publicized on the latest <a href="https://mastodon.pundo.com/tags/SecurityNow" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecurityNow</a> podcast (episode 905). But ran into an issue with shared folders, and covered it in this blog post. <a href="https://www.boojit.com/blog/2023-01-13.1+LastPass+vaults+and+shared+folders" rel="nofollow noopener noreferrer" target="_blank">https://www.boojit.com/blog/2023-01-13.1+LastPass+vaults+and+shared+folders</a><a href="https://mastodon.pundo.com/tags/LastPassBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassBreach</a> <a href="https://mastodon.pundo.com/tags/LastPassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassHack</a>

BreakingBadnessEpisode 144 of <a href="https://infosec.exchange/tags/BreakingBadness" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#BreakingBadness</a> is now available. This week <a href="https://infosec.exchange/@ColonelPanic" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ColonelPanic</a> speaks with CISO <a href="https://infosec.exchange/@danonsecurity" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@danonsecurity</a> and <a href="https://infosec.exchange/tags/SecOps" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#SecOps</a> Engineer <a href="https://masto.deoan.org/@neurovagrant" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@neurovagrant</a> on the <a href="https://infosec.exchange/tags/LastPassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassHack</a>. Tune in for their thoughts and recommendations here: <a href="https://www.domaintools.com/resources/podcasts/144-lastpass-on-the-left?utm_source=Social&utm_medium=Mastodon&utm_campaign=Breaking-Badness" rel="nofollow noopener noreferrer" target="_blank">https://www.domaintools.com/resources/podcasts/144-lastpass-on-the-left?utm_source=Social&utm_medium=Mastodon&utm_campaign=Breaking-Badness</a>

Alan K. MartinezWhat sucks, as a security student and advocate, I tell people that using any password manager is better than nothing... now something like this happens and a lot of us have to explain and re-assure people...A lot of security people might be taking a hit in their credibility when things like this happen and have to deal with people who are skeptics/doubters to begin with...<a href="https://infosec.exchange/tags/lastpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lastpass</a> <a href="https://infosec.exchange/tags/LastPassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassHack</a> <a href="https://infosec.exchange/tags/LastPassBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassBreach</a> <a href="https://infosec.exchange/tags/cybersecuritynews" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecuritynews</a> <a href="https://www.youtube.com/watch?v=SoyYpq4y6XE" rel="nofollow noopener noreferrer" target="_blank">https://www.youtube.com/watch?v=SoyYpq4y6XE</a>

Led By Fools<a href="https://fediscience.org/@ct_bergstrom" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@ct_bergstrom</a> <a href="https://mstdn.social/@bxchen" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@bxchen</a> The Verge covers it well: <a href="https://www.theverge.com/2022/12/28/23529547/lastpass-vault-breach-disclosure-encryption-cybersecurity-rebuttal" rel="nofollow noopener noreferrer" target="_blank">https://www.theverge.com/2022/12/28/23529547/lastpass-vault-breach-disclosure-encryption-cybersecurity-rebuttal</a><a href="https://kolektiva.social/tags/LastPass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPass</a> <a href="https://kolektiva.social/tags/LastPassBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassBreach</a> <a href="https://kolektiva.social/tags/LastPassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassHack</a> are all good hashtags for more info/opinions by infosec experts.

Erick RM<a href="https://youtube.com/watch?v=9XWHCF4pLmI&feature=share" rel="nofollow noopener noreferrer" target="_blank">https://youtube.com/watch?v=9XWHCF4pLmI&feature=share</a> <a href="https://mastodon.online/tags/lastpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lastpass</a> <a href="https://mastodon.online/tags/LastPassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassHack</a> <a href="https://mastodon.online/tags/lastpassfail" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lastpassfail</a>

Led By Fools<a href="https://sfba.social/@Mikal" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@Mikal</a> Its not so much _your_ password that counts when the DJI data vault gets hacked despite their glib assurances of "security", b/c then all you can do is reset your pwd again (and again). Assuming they detected the breach.If you have not already done it, use <a href="https://HaveIBeenPwned.com" rel="nofollow noopener noreferrer" target="_blank">https://HaveIBeenPwned.com</a> to see where your emails/phones show up in hacks.I was reading about the <a href="https://kolektiva.social/tags/LastPass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPass</a> <a href="https://kolektiva.social/tags/LastPassBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassBreach</a> <a href="https://kolektiva.social/tags/LastPassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassHack</a> and decided since my vault had been exposed, even tho' encrypted, that since LastPass didn;t reveal all details, they aren't to be trusted, so I switched pw managers to another popular one.

War on the Castle, Peace in the Valley🛡️🍉🇵🇸 🏳️‍🌈"Problems With Passphrases To say it one more time: Your passphrases need to be randomly generated! (As well as your passwords, of course.) Do not generate your own “good” passphrase by just looking around in the room you are sitting in and concatenating the things you see to generate a passphrase." SOURCE: <a href="https://weberblog.net/password-strengthentropy-characters-vs-words/" rel="nofollow noopener noreferrer" target="_blank">https://weberblog.net/password-strengthentropy-characters-vs-words/</a><a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#password</a> <a href="https://infosec.exchange/tags/passphrase" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passphrase</a> <a href="https://infosec.exchange/tags/passwords" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwords</a> <a href="https://infosec.exchange/tags/passwordmanager" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#passwordmanager</a> <a href="https://infosec.exchange/tags/lastpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lastpass</a> <a href="https://infosec.exchange/tags/LastpassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastpassHack</a> <a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#infosec</a>

Apicultor 🐝<a href="https://furry.engineer/@soatok" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@soatok</a> Actually, it might be even worse than just ECB:<a href="https://twitter.com/cryptopathic/status/1606416137771782151" rel="nofollow noopener noreferrer" target="_blank">https://twitter.com/cryptopathic/status/1606416137771782151</a><a href="https://hachyderm.io/tags/lastpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lastpass</a> <a href="https://hachyderm.io/tags/LastPassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassHack</a>

Erick RM<a href="https://zirk.us/@gobsmacked" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@gobsmacked</a> Thanks! will do. <a href="https://mastodon.online/tags/Lastpasshack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#Lastpasshack</a>

War on the Castle, Peace in the Valley🛡️🍉🇵🇸 🏳️‍🌈"Forbes is the self consciousness of the bourgeois class" - TGoTJMajor <a href="https://infosec.exchange/tags/password" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#password</a> manager - <a href="https://infosec.exchange/tags/HACKED" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#HACKED</a>! I stayed up late last night changing passwords to "GFY" and then deleting their entries in lastpass. Because I migrated to <a href="https://infosec.exchange/tags/bitwarden" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#bitwarden</a> already, but did not entirely delete my <a href="https://infosec.exchange/tags/lastpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lastpass</a><a href="https://www.forbes.com/sites/daveywinder/2022/12/23/lastpass-password-vaults-stolen-by-hackers-change-your-master-password-now/?sh=1b68b0024461" rel="nofollow noopener noreferrer" target="_blank">https://www.forbes.com/sites/daveywinder/2022/12/23/lastpass-password-vaults-stolen-by-hackers-change-your-master-password-now/?sh=1b68b0024461</a><a href="https://infosec.exchange/tags/LastPassBreach" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassBreach</a> <a href="https://infosec.exchange/tags/lastpasshack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lastpasshack</a>

BeardlyDavid<a href="https://jasette.facil.services/@simonforgues" class="u-url mention" rel="nofollow noopener noreferrer" target="_blank">@simonforgues</a> J’ai cessé d’utiliser <a href="https://social.librem.one/tags/lastpass" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#lastpass</a> il y as déjà quelques années, a cause de certaines pratiques douteuses. Je vois que j’ai bien fais! Une chance que j’ai fais détruire mon compte. Ça fait peur de voir que même une compagnie qui se spécialise en sécurité peut être vulnérable à ça point. <a href="https://social.librem.one/tags/LastPassHack" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#LastPassHack</a> <a href="https://social.librem.one/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener noreferrer" target="_blank">#cybersecurity</a>

Recent searches

Search options

Administered by:

Server stats:

#LastPassHack