Free Republic
General/Chat

LastPass Vault Breached via Employee's Home Computer, Giving Keys to the Kingdom to Hackers
pjmedia.com ^ | February 28, 2023 | Greg Byrnes

Posted on 02/28/2023 12:34:17 PM PST by TChad

Millions of LastPass users may be at risk after a major breach of the home computer of one of their top employees. This employee was only one of four people in the company with access to their corporate vault. The breach may have come through a home Plex media account, according to Ars Technica, and appears to have been perpetrated by the same hackers who breached LastPass security on a smaller scale last August. At about the same time, Plex’s security was also breached.

(Excerpt) Read more at pjmedia.com ...


TOPICS: Computers/Internet
KEYWORDS: lastpass; oldnews; password; plex; security

If you use LastPass, it might be time to move on to a different password manager. This is not the first time LastPass has been hacked.

The "Plex" program may also have been affected.

1 posted on 02/28/2023 12:34:17 PM PST by TChad

To: TChad

LASTPASS, It will be the last time you use your password before hackers steal your identity.


2 posted on 02/28/2023 12:36:52 PM PST by 1Old Pro

To: TChad

LastPass = Dead Company Walking


3 posted on 02/28/2023 12:38:01 PM PST by dfwgator (Endut! Hoch Hech!)

To: TChad; ShadowAce; Swordmaker; dayglored

Ping!..............


4 posted on 02/28/2023 12:38:09 PM PST by Red Badger (Homeless veterans camp in the streets while illegal aliens are put up in hotels.....................)

To: TChad

Put your health data, banking data and passwords etc on the internet LOL:-)
What a bunch of maroons:-)


5 posted on 02/28/2023 12:39:55 PM PST by Harpotoo (Being a socialist is a lot easier than having to WORK like the rest of US:-))

To: TChad

No, Plex was not, as I read it. Plex had a breach, but that was handled last year quickly and everyone was warned to log off and change their passwords.

The breach involved salt and peppered data, but the account key could have been used, which is why they wanted everyone to log out of accounts.

As I read it they used his Plex account to compromise his LastPass Kingdom key access. Basically the guy is a moron and for the record LastPass has had a history of being miserable with security, they have no business being in the business.


6 posted on 02/28/2023 12:41:03 PM PST by Skwor

To: TChad

I’ve been using Dashlane for years. I hope they are investigating their security at this moment.


7 posted on 02/28/2023 12:41:24 PM PST by ImJustAnotherOkie

To: TChad
Why would anybody put their password information anywhere off their property?

It's just asking for trouble.

Online password managers? Nuts.

Just as crazy as storing your data in "the cloud", which = some server somewhere, you have no idea where.

8 posted on 02/28/2023 12:45:57 PM PST by Mogger

To: mkmensinger

read this


9 posted on 02/28/2023 12:47:01 PM PST by siamesecats (God closes one door, and opens another, to protect us. )

To: TChad

10 posted on 02/28/2023 12:48:43 PM PST by dfwgator (Endut! Hoch Hech!)

To: Harpotoo

I just use the encryption built into the ‘vim’ editor for Windows/Linux and store all that type of info on my local computer (with a backup stored elsewhere, of course).


11 posted on 02/28/2023 12:49:41 PM PST by The Duke (Never Retreat, Never Surrender!)

To: Mogger
Online password managers? Nuts.

I agree.

I have never trusted password managers, online or not. I have my own password-generating routine.

12 posted on 02/28/2023 1:29:54 PM PST by TChad (Progressives are in favor of removing healthy sex organs from children. Conservatives oppose this.)

To: TChad

Any password manager is going to be a high-priority target for attackers.


13 posted on 02/28/2023 1:42:14 PM PST by Steely Tom ([Voter Fraud] == [Civil War])

To: TChad

"Keys to the kingdom" is a little bit overblown...

From the LastPass website:

The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data, such as website URLs, as well as fully-encrypted sensitive fields such as website usernames and passwords, secure notes, and form-filled data. These encrypted fields remain secured with 256-bit AES encryption and can only be decrypted with a unique encryption key derived from each user’s master password using our Zero Knowledge architecture. As a reminder, the master password is never known to LastPass and is not stored or maintained by LastPass. The encryption and decryption of data is performed only on the local LastPass client. For more information about our Zero Knowledge architecture and encryption algorithms, please see here.

14 posted on 02/28/2023 1:51:16 PM PST by ggrrrrr23456

To: TChad

KeePass. Free and totally local to you. I keep my database on an encrypted thumb drive and you have to have my Yubikey to open it.

Please use a password manager. Using the same password for everything makes you an easy target.


15 posted on 02/28/2023 3:08:29 PM PST by rarestia (“A nation which can prefer disgrace to danger is prepared for a master, and deserves one.” -Hamilton)

To: Mogger

As I understand it, the data is all encrypted and cannot be accessed without your Master Password, which is only stored as an encrypted value. They might be able to get some PII on the customer base, but I think that is about it.


16 posted on 02/28/2023 3:17:24 PM PST by Woodman

To: Mogger

Agreed. I have my own password generator and protection scheme. Nothing is stored off our property or in a cloud. And passwords are not stored on any of our computers.


17 posted on 02/28/2023 3:34:58 PM PST by redfreedom (You can vote your way into socialism, but you may have to shoot your way out.)

To: rarestia
Please use a password manager. Using the same password for everything makes you an easy target.

No one suggested "using the same password for everything."

18 posted on 02/28/2023 5:56:39 PM PST by TChad (Progressives are in favor of removing healthy sex organs from children. Conservatives oppose this.)

To: TChad

Given that most folks have more than just a few logins, and complex passwords constitute alphanumerics and symbols, and our memory gets less sharp as we get older, I’m going to assume that most individuals not using a password manager are reusing the same passwords at least once.


19 posted on 03/01/2023 2:33:21 AM PST by rarestia (“A nation which can prefer disgrace to danger is prepared for a master, and deserves one.” -Hamilton)

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.
