Lastpass breach. Code stolen. No user data taken

nlinecomputers

nlinecomputers

Well-Known Member
Reaction score
8,566
Location
Midland TX
Password Manager Software company Lastpass reports that their network was breached and software code was stolen. They say no end user data was accessed in the breach. And even if it was the data is stored encrypted So it’s protected by that.

www.neowin.net

LastPass confirms breach, says user data is safe

Password management company LastPass has announced that its development environment was recently hacked. However, there are no signs of illicit access to user data at this point in time.
www.neowin.net www.neowin.net
 
@nlinecomputers This. We probably won't have to worry about modern encryption algorithms being compromised until quantum computing really takes off. There's a reason why they say to encrypt your data. I use cloud based data backup and a cloud based password manager but everything is 100% encrypted with my own private encryption key. No way I would put my stuff on the cloud if it wasn't encrypted but encryption is 100% safe so long as you don't use an easy/short password and you use moder encryption algorithms.
 
Business a bit slow at Lastpass?

Nice advertising.
We can get breached and keep your data secure.
Save your passwords with us , you'll be fine....
 
Last edited:
GTP said:
Business a bit slow at Lastpass?

Nice advertising.
We can get breached and keep your data secure.
Save your passwords with us , you'll be fine....
Click to expand...
They are doing what any ethical security company does and publicly acknowledging the incident. And yes they can get breached and keep your data secure. Back in 2015 they had password hash files stolen. How many customers had there password vault breached because of this. Zero. Because unless you can throw a supercomputer at a password hash and have a couple of centuries getting your hash files stolen ISN’T going to reveal anything. Encryption works.
 
Some media outlets have blown this out of proportion as normal (and some security companies touting for work). I think lastpass work in the same way as some other cloud based password managers in that they use a secret key and master password, neither of which are generated/stored on their servers. Without both of those things someone else cannot login at a new location/new device or just the master password cannot login to your account on a device you already use.
A password manager isnt a reason to use weak passwords, in fact its an easy way to store complicated passwords and use unique passwords for each site.
I started using a password manager last year and this news has not put me off using them, knowing that in a few months none of their users passwords will have been stolen will give me even more confidence.
 
GTP said:
Never said it doesnt, but I still wouldnt give my house keys to someone else to store in another location.
My passwords are safe because only I know where they are.
Click to expand...
With respect that is exactly what you are saying. You don't trust password managers and the only reason not to trust them is because you think Encryption doesn't work. That they have backdoors or that people smarter than you can hack into it and get access to your passwords.
 
Your faith in technology amaze me!
Computer security... there is none. Given the time/money/user stupidity/etc... it's just zero.
(CIA backdoor anyone? Have faith - Just trust them ;) )
 
  • Like
Reactions: GTP
@Philippe:

Your constant use of the winking emoji is about as confusing as can be. You seem to believe what you're writing, and that emoji is generally used to convey a sly "I'm not serious" vibe. So which one is it?

And while I'll agree with you that there is no perfect computer security, particularly if we're talking unauthorized access to systems and data, so far there doesn't seem to be any "general purpose" success with decrypting. I also don't think that the NSA, CIA, FBI, etc., have the slightest interest in what most of us are doing day to day. What "wide net" surveillance they do is for the purpose of identifying "the big fish." And everyone does know they do "wide net" monitoring (you've got to, really).
 
Philippe said:
I just don't trust "computer security" and, yes, it includes cryptography... To each their own.
Click to expand...

I'll agree with the, "To each their own." But in order for any position to hold water, there has to be a rationale that others can understand, and that makes sense in light of what is known in the field. You do not ever present such, which is why your comments on security related issues are not given any particular weight by many.

You almost seem, though not quite as extreme, to be the equivalent of an anti-vaxxer but where the "vaxxer" part is "cyber security measures" instead.
 
britechguy said:
You almost seem, though not quite as extreme, to be the equivalent of an anti-vaxxer but where the "vaxxer" part is "cyber security measures" instead.
Click to expand...
Yeap. Don't like it, don't trust it. I'm sure there is a ton of "rationales" for anyone to trust it, I just don't...
My viewpoint...
And the ;) it's also a kind of "anyway I does not really matter. Just be happy" message...
 
Philippe said:
My viewpoint...
Click to expand...

Your unsupported viewpoint. That's the issue.

In a modern society where everyone thinks their opinion deserves to be heard nothing annoys me more than individuals who mistake their personal preferences for fact.
~ "TheCruyffGurn" in comments on The Guardian, 8/13/2014

Your discomfort is not based on anything but your beliefs, which you can't give any rationale for. So those beliefs cannot be, and should not be, taken seriously or given the slightest credence by anyone who applies critical thinking to them.
 
britechguy said:
You almost seem, though not quite as extreme, to be the equivalent of an anti-vaxxer but where the "vaxxer" part is "cyber security measures" instead.
Click to expand...
This. They don't understand cryptography, take some classes on calculus and learn, or trust that there are independent auditors who are just as paranoid as you but actually understand calculus and programming and thus can see if there are flaws or outright backdoors and would publish such as they find them. Lastpass isn't open source though it is 3rd party audited by reputable firms. If that ain't good enough there's open source. But this isn't about logic, knowledge, or really even trust. It's about control. You don't think you have control over it so you adopt an illogical stance against it.
 
You must log in or register to reply here.

Similar threads

Porthos
[TIP] Lock My PC Used By Tech Support Scammers, Dev Offers Free Recovery
Replies
8
Views
2K
Brett A
Brett A
GTP
(Davey Winder) Dashlane dents my confidence.....
Replies
9
Views
2K
PcTek9
PcTek9
phaZed
[SOLVED] How to uninstall Forticlient AV that was installed from EMS management dashboard?
Replies
2
Views
17K
Your PCMD
Your PCMD
SOHOtechRob
LastPass Vulnerability
Replies
10
Views
1K
drpcfix
drpcfix
nlinecomputers
[WARNING] 500 Million Yahoo Accounts Hacked by “state-sponsored actor”"
Replies
11
Views
2K
nlinecomputers
nlinecomputers
Back
Top