LastPass Breach Is Worse Than They Want You To Believe

In December 2022, LastPass disclosed a security breach in which attackers obtained a backup of customer vault data. The breach compromised the personal data of millions of users, including names, email addresses, and encrypted password vaults (the site URLs inside those vaults were stored unencrypted). LastPass never stores master passwords, so the attackers did not obtain them directly; what they hold is material for offline guessing, which makes master-password strength and the vault's PBKDF2 iteration count the deciding factors. Join the Technado team as they explain everything you need to know about the LastPass breach.

Reference Articles:
- Notice of Recent Security Incident (The LastPass Blog)
- LastPass users: Your info and password vault data are now in hackers’ hands
- Yikes! Hackers Had Access to LastPass Users' Password Vaults
- What’s in a PR statement: LastPass breach explained

Technado is a weekly tech podcast where Don Pezet, Peter VanRysdam, and Daniel Lowrie cover a whirlwind of tech from interviews with industry experts and up-and-coming companies to commentary on the week's news in the world of security, vendor certifications, networking, and just about anything IT related. New episodes are released every Thursday!

#lastpassbreach #lastpass #lastpassbreachexplained
Comments

LastPass needs to go out of business. They chose to not responsibly handle the data they had been trusted with. I hope they have legal consequences for it. Again, they chose to not be responsible with customers' data.

jamesm

I also moved to 1Password after this last fiasco. The great thing about 1Password is that they make you generate a second key that's random on top of your master password. This second key works with your master password so it's strong by default. You don't have to enter in this secondary key every time, you just keep it somewhere safe for when you need to rebuild your local copy.

p_louis

Writing down your passwords on sticky notes doesn't seem so bad now.

johnscott

I too used to be a lastpass user but the way they have handled letting the public know about this was very poor.

ppporch

We are in the process of getting pricing for one of our mid-size business clients, glad I got caught up on what all is going on through this video. The PR stunt was very shady on LastPass' part with the holidays.

DCxALBRECHT

My data has already been compromised, I started getting unauthorized ACH from my bank over the past weekend.

msromike

This should be absolutely prosecuted. How is this not a complete violation and gross negligence? I should have dumped them after they were bought.

chaotic_coder

LastPass reported that the number of iterations is 100,100. But older accounts show only 5,000 and some report theirs defaulting to 1. The iterations don't change even after changing the master password. That needs to be changed manually.

Bob-uzov

I didn't realise there was an easy way to move data from one password manager to another. I've just spent 3 full days manually transferring accounts (and changing passwords) over from Lastpass to Bitwarden lol

I've been a LastPass user for nearly a decade and spent most of that time as a premium user. Really happy with Bitwarden though; they seem to offer more features even with the free version.

AndySomething

@ITProTV great discussion. One thing that I have not seen mentioned in the comments or covered in the discussion is the LastPass feature which is enabled by default, "Revert Master Password". This allows you to revert changes to your master password that were made in the last 30 days. I wonder if this data was also stolen?

ShaunRust

I ran my 12-character random LastPass master password, which had 100,100 iterations, on my RTX 4090 using one of the better open source password crackers and it cracked my LastPass password at the 63 hour mark. Complex master passwords are useless if the password vault gets stolen.

anorax

"The real story here is how these guys are living millions of years." I nearly choked on my tea with laughter. Lots of other funny comments by all you guys as well. Thank you guys for being entertaining and funny enough to take the edge off this horrible story. Most entertaining IT show -- hands down. The rest bore me to tears. One of em even thinks loudly slurping coffee while appearing to be on a sugar high is entertaining.

artistryartistry

Was a LastPass user for 8 years, but no more. This was a complete mishandle on their part and lack of protecting their customers. I guess free accounts come with costs (probably the only reason why passwords were encrypted and not usernames and URLs: selling your data). Using Bitwarden now. Currently using their cloud service but potentially going to host my own personal instance.

aaronsatterwhite

Just a couple of quick points... 1) The username field *is* encrypted. So that's something, but still not great, and your comments about phishing still very much apply.

2) Lastpass have confirmed (to customers who send in a support request) that the data was stolen on Sept 22, 2022. This was all customer vaults.

Hope that helps!

starbuk

Just for more information on this topic - I just checked my email and found the 2018 email from Lastpass regarding the changes they made at that time. Below is the email text they sent me. So they did change the iteration count automatically on my account. Apparently many haven't researched this because it is widely misreported. I still have the emails.
"Recent Upgrade
We are notifying you of a routine security upgrade we recently made to all LastPass accounts. Specifically, we increased the default PBKDF2 iterations to 100,100. PBKDF2 is used to protect your master password in the unlikely event of a brute-force attack. We periodically make security upgrades, such as increasing PBKDF2 iterations, to ensure we're providing the best security for users.

The update happened automatically upon login to your LastPass account. Because the upgrade requires a re-encryption of the vault, LastPass records the event as a password change in your account history, as seen below, though no master password changes have been made. Note that you will be required to log in again on other devices where you use LastPass.

Time of Change 2018-12-28 12:10:08"

But I agree, it is time to move on; the new owners of LastPass have mismanaged the company and caused it to be unsuccessful in its core business.

alanb
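The two threads above that deal with key derivation (the comment that old accounts still sit at 5,000 or even 1 PBKDF2 iteration while the 2018 email raised the default to 100,100, and the earlier comment about 1Password's extra secret key) come down to one arithmetic fact: whoever holds a stolen vault backup also holds the salt and the iteration count, so every master-password guess costs the attacker exactly that many HMAC rounds, and nothing but a secret the attacker lacks makes the guess unverifiable. The script below is an added example, not LastPass or 1Password code. It assumes the publicly described shape of the LastPass scheme (PBKDF2-HMAC-SHA256 over the master password, salted with the lowercased account email, 32-byte key); the HMAC "check tag" is a constructed stand-in for the real verifier (decrypting a known vault field and seeing valid plaintext), and the optional `secret_key` mixed into the salt is a simplified illustration of the secret-key idea, not 1Password's actual derivation. The 600,000 floor is the OWASP Password Storage Cheat Sheet (2023) minimum for PBKDF2-HMAC-SHA256.

```python
"""Offline guessing against a stolen PBKDF2-protected vault.

Added example, not LastPass or 1Password code. Assumptions: vault key =
PBKDF2-HMAC-SHA256(master password, salt = lowercased email [+ secret key]);
the HMAC check tag stands in for the real 'did it decrypt' test.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Iterable, Optional, Tuple

KEY_LEN = 32
LASTPASS_2018_DEFAULT = 100_100      # the count named in the 2018 upgrade email
OWASP_PBKDF2_SHA256_MIN = 600_000    # OWASP Password Storage Cheat Sheet (2023)


def derive_vault_key(master_password: str, email: str, iterations: int,
                     secret_key: bytes = b"") -> bytes:
    """Vault key. The email salt is known to whoever holds the backup; a secret key is not."""
    salt = email.strip().lower().encode("utf-8") + secret_key
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"),
                               salt, iterations, KEY_LEN)


@dataclass(frozen=True)
class StolenVault:
    """Everything the attacker holds after the backup theft (all of it, in the clear)."""
    email: str
    iterations: int
    blob: bytes          # constructed stand-in for the encrypted vault
    check_tag: bytes     # constructed stand-in for 'decryption looks right'


def seal_vault(master_password: str, email: str, iterations: int, blob: bytes,
               secret_key: bytes = b"") -> StolenVault:
    """Constructed stand-in for vault encryption: bind `blob` to the derived key via HMAC."""
    key = derive_vault_key(master_password, email, iterations, secret_key)
    return StolenVault(email, iterations, blob, hmac.new(key, blob, "sha256").digest())


def offline_guess(vault: StolenVault, candidates: Iterable[str],
                  secret_key: bytes = b"") -> Tuple[Optional[str], int]:
    """Dictionary attack. Returns (matching master password or None, PBKDF2 rounds spent).

    Each candidate costs exactly `vault.iterations` HMAC-SHA256 rounds: the iteration
    count is the per-guess price the attacker pays, and the attacker cannot lower it.
    """
    rounds = 0
    for candidate in candidates:
        rounds += vault.iterations
        key = derive_vault_key(candidate, vault.email, vault.iterations, secret_key)
        tag = hmac.new(key, vault.blob, "sha256").digest()
        if hmac.compare_digest(tag, vault.check_tag):
            return candidate, rounds
    return None, rounds


def iteration_verdict(iterations: int) -> str:
    """Triage for the count shown in account settings (old accounts kept 5,000 or even 1)."""
    if iterations < LASTPASS_2018_DEFAULT:
        return "legacy"
    if iterations < OWASP_PBKDF2_SHA256_MIN:
        return "below-current-guidance"
    return "ok"


if __name__ == "__main__":
    # Constructed data: one account, a weak master password, a tiny wordlist.
    email, master = "Alice@Example.com", "Summer2022!"
    wordlist = ["123456", "password", "Summer2022!"]
    for iters in (1, 5_000, LASTPASS_2018_DEFAULT):
        vault = seal_vault(master, email, iters, b"constructed-vault-blob")
        found, cost = offline_guess(vault, wordlist)
        print(f"iterations={iters:>7}  verdict={iteration_verdict(iters):<22} "
              f"found={found}  rounds_spent={cost}")
    # With a secret the attacker never received, the same wordlist cannot be verified at all.
    vault = seal_vault(master, email, 5_000, b"constructed-vault-blob",
                       secret_key=b"CONSTRUCTED-SECRET-KEY")
    print("same wordlist, attacker lacks secret key:", offline_guess(vault, wordlist))
```

Raising the count from 1 to 100,100 multiplies the attacker's per-guess cost by that factor, but it multiplies nothing if the guess is in a short wordlist, which is why the verdict function treats 100,100 as below current guidance rather than as safe. Note that the count is a per-vault property stored alongside the ciphertext; changing the master password does not raise it unless the vault is re-encrypted, exactly as the comment above describes.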

SMH, FML and I'm SOL with last pass. And every other abbreviation the kids use. Horrible company ethics being shown by them. I'm out. Appreciate you sharing what to do and the alternate options.

mikereese

I finally have had enough and completely closed my LastPass account and deleted all data. I had moved on some time ago after the last breach but had left the vault there just in case. I had already changed many of my passwords in the meantime. I knew deep down after LastPass had been purchased that it would likely go downhill.

CF

"unless you live under a rock" or dgaf and never used password storage apps. Never even heard of LastPass and gave up on password apps back in the ICQ days... breaches and general security issues such as this one continue to prove that choice correct.

Joe-Dead

Since the breach I've been getting phished on my Gmail and Live accounts pretty damn hard. Hundreds of emails a day. I'm done with LastPass.

alwayzurboy

A breach in a "security" program should put them out of business. Why should anyone use LastPass now?

gwine