[Lex Computer & Tech Group/LCTG] LastPass confirms users' password vaults were stolen by hackers

[George Gamota]

Folks

I think we should have a more in-depth discussion on “passwords” at the next session or when time is open. 

George

 

From: LCTG <lctg-bounces+ggamota=stma-llc.com at lists.toku.us> On Behalf Of Rich Moffitt
Sent: Thursday, December 29, 2022 8:16 AM
To: Drew King (dking65 at kingconsulting.us) <dking65 at kingconsulting.us>; Lex Computer Group <LCTG at lists.toku.us>
Subject: Re: [Lex Computer & Tech Group/LCTG] LastPass confirms users' password vaults were stolen by hackers

 

The fact that LastPass infrastructure has been breached multiple times and are such a big target are reasons I don't feel like using them anymore. The vaults themselves are still encrypted, and (provided a good master passphrase was used) aren't likely to be cracked in a timely fashion. I'm actually more concerned about the plaintext URLs and other personal data that were scooped up as part of the breach. Some of these could include access tokens or personally identifiable data that could assist an attacker in compromising accounts without the credentials themselves.

 

Fortunately, there are good alternatives out there: trusty old Keepass for DIYers, Bitwarden for people who like browser integration and either want to host their own or use a decent free tier service, and 1Password / Dashlane / etc. for people looking for other convenience features and are willing to pay for them.

 

-Rich

 

On Tue, Dec 27, 2022 at 4:51 PM Drew King (dking65 at kingconsulting.us <mailto:dking65 at kingconsulting.us> ) <dking65 at kingconsulting.us <mailto:dking65 at kingconsulting.us> > wrote:

All,

Some LastPass breach update information:

Android Central: LastPass confirms users' password vaults were stolen by hackers.
https://www.androidcentral.com/apps-software/lastpass-user-data-security-breach-incident

-- 
Drew King

===============================================
::The Lexington Computer and Technology Group Mailing List::
Reply goes to sender only; Reply All to send to list.
Send to the list: LCTG at lists.toku.us <mailto:LCTG at lists.toku.us>       Message archives: http://lists.toku.us/pipermail/lctg-toku.us/
To subscribe: email lctg-subscribe at toku.us <mailto:lctg-subscribe at toku.us>   To unsubscribe: email lctg-unsubscribe at toku.us <mailto:lctg-unsubscribe at toku.us> 
Future and Past meeting information: http://LCTG.toku.us
List information: http://lists.toku.us/listinfo.cgi/lctg-toku.us
This message was sent to rich at richmoffitt.org <mailto:rich at richmoffitt.org> .
Set your list options: http://lists.toku.us/options.cgi/lctg-toku.us/rich@richmoffitt.org

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.toku.us/pipermail/lctg-toku.us/attachments/20221229/f76161ee/attachment.htm>