Discover and read the best of Twitter Threads about #lastpass
Most recents (5)
🔥 Had @LastPass not leaked their entire password database I would be safe right now even if attackers has my real password. They claim this is a “feature” that makes them extra secure. This is on them but I was dumb enough to believe they could keep their data & source safe 🔥
If you are a crypto degen and you use LastPass or a password manager, you need to read this ( Your future investment security may depend on it).
The whole #lastpass security breach over the last few months had me concerned.
I wasn't too sure what to do about it until I came across Steve Gibson's Security Now podcast with Leo Laporte.
Here is what I learned 👇
I wasn't too sure what to do about it until I came across Steve Gibson's Security Now podcast with Leo Laporte.
Here is what I learned 👇
LastPass admitted that their off-site cloud backup of their customers’ mostly-encrypted vault data was hacked and is now in the hands of malicious actors.
Your password strength is the last line of defence, if you had an entropy of fewer than 50 Bits you need to act asap.
Your password strength is the last line of defence, if you had an entropy of fewer than 50 Bits you need to act asap.
Apparently 4 months ago #DCG and #Grayscale / $GBTC were suddenly "actively searching" for a Security Architect specifically for "cloud security standards" and "risk assessment"...
curiously tagged with #CISSP (computer security designer) and not, for instance, #compliance.
🚩
curiously tagged with #CISSP (computer security designer) and not, for instance, #compliance.
🚩
👆 maybe I'm projecting but that looks to me like the job listing I might post at the moment I was scrambling to recover from a security breach #DCG #Grayscale $GBTC
Here's some reasons about the wording used, the timing, and a couple other things made me at least raise my eyebrows: reddit.com/r/AskNetsec/co…
Latest #LastPass breach may be worse than you think.
Attacker didn't just get encrypted passwords.
They got unencrypted URLs.
Think: URLs with account tokens, API keys & credentials, etc...
1/
blog.lastpass.com/2022/12/notice…
Attacker didn't just get encrypted passwords.
They got unencrypted URLs.
Think: URLs with account tokens, API keys & credentials, etc...
1/
blog.lastpass.com/2022/12/notice…
2/ Do your your employees use #LastPass?
Or how about your users?
Do you even know?
The unencrypted URL breach is bad news for your security model, and you should be thinking about mitigations.
Or how about your users?
Do you even know?
The unencrypted URL breach is bad news for your security model, and you should be thinking about mitigations.
3/ The issue: *unencrypted* URLs that #LastPass users have saved may in some cases contain sensitive information that can be leveraged for account access.
The entity that now has this trove of encrypted & unencrypted stuff is clearly well-resourced, capable and strategic.
The entity that now has this trove of encrypted & unencrypted stuff is clearly well-resourced, capable and strategic.
The #LastPass breach (just the latest, btw) is frustrating.
Users that didn't follow "best practices" for their master password are vulnerable (customer password vaults were stolen!).
But also because we've collectively spent years trying to move users to password managers. 1/
Users that didn't follow "best practices" for their master password are vulnerable (customer password vaults were stolen!).
But also because we've collectively spent years trying to move users to password managers. 1/
2/ #LastPass has a giant target on their back because of the juicy data & password trove that they handle.
And they are absolutely failing their customers.
At this point, each time I hear about Last Pass it's: hey, they had *another breach*
And they are absolutely failing their customers.
At this point, each time I hear about Last Pass it's: hey, they had *another breach*
3/ Use a password manager!
It makes it easy to use different passwords for each service you use.
But give #LastPass... a pass.
There many better choices.
Personally, I like @1Password (they are also recommended by @ConsumerReports).
It makes it easy to use different passwords for each service you use.
But give #LastPass... a pass.
There many better choices.
Personally, I like @1Password (they are also recommended by @ConsumerReports).
