LastPass hacked again… have fun with that

Not a repeat from August 2022, this time hackers got into a LastPass employee’s home computer which had a decrypted vault only available to a handful of company developers. According to Ars Technica said hacker got access credentials for a devops engineer and accessed the contents of a LastPass data vault that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.

So, it’s safe to assume at this point if you use LastPass it’s probably time to change all your important passwords.

lastPass hacked again 2023

I don’t have a link to where Ars Technica got their info from, and it’s not on the LastPass site as of this writing, but from the comments section it appears this could be profoundly bad. Really, change your bank / credit card / passwords.

Also probably worth noting that although the data is probably encrypted pretty decently and you probably have time, most people use passwords in a fairly limited range. For an example I was able to brute force a friend’s password protected college homework from 15 years ago in six hours because she knew it didn’t contain any symbols or numbers using one computer and 16 hours or so of time (she’d forgotten her password.) Someone going after billions in crypto is probably going to bring more resources to bear than I did with my one computer.

Sure it’s AES-256 (and brute forcing that is a wee bit more difficult than 15 year old docs,) but how sure are you at this point one of the developers didn’t leave something else there… they’ve been not exactly doing a bang up job at security lately it seems.

[Ars Technica]
Pocketables does not accept targeted advertising, phony guest posts, paid reviews, etc. Help us keep this way with support on Patreon!
Become a patron at Patreon!

Paul E King

Paul King started with GoodAndEVO in 2011, which merged with Pocketables, and as of 2018 he's evidently the owner. He lives in Nashville, works at a film production company, is married with two kids. Facebook | Twitter | Donate | More posts by Paul | Subscribe to Paul's posts

Avatar of Paul E King