LastPass hacked and source code stolen

[Hanno Labuschagne]

LastPass hacked and source code stolen

LastPass, a password manager used by more than 33 million people around the world, said a hacker recently stole source code and proprietary information after breaking into its systems.

The company doesn’t believe any passwords were taken as part of the breach and users shouldn’t have to take action to secure their accounts, according to a blog post on Thursday.

[Bloomberg]

 

[FiestaST]

1Password for me thanks.

 

[LinuxMan]

This is why I never use any password managers

 

[shaggy_beef_on_a_tricycle]

1Password for me thanks.

Are they immune against hackers?

 

[dualmeister]

lol thought I was using LastPass but using KeePass.
/continue

 

[Solitude]

Bloody hell. I use LastPass

 

[backstreetboy]

Bitwarden. E2EE and OSS. $10 per year. Cheap as chips.

 

[Sworaxe]

 

[killerbyte]

Are they immune against hackers?

Their password system is as nothing is stored on their servers.

https://1passwordstatic.com/files/security/1password-white-paper.pdf

 

[shaggy_beef_on_a_tricycle]

Bloody hell. I use LastPass

Passwords are encrypted for a reason. At some stage it will get stolen. As long as you are the only one who can decrypt it.

 

[grok]

Bloody hell. I use LastPass

The hell you are JThompson/@1Direction4Eva#99

 

[My_King]

Passwords are encrypted for a reason. At some stage it will get stolen. As long as you are the only one who can encrypt it.

Only one who can decrypt it?

 

[Sinbad]

Only one who can decrypt it?

Yup that's how it works. One way encryption, you need your private key to decrypt, and that is not available to the 3rd party.

 

[noxibox]

Bitwarden. E2EE and OSS. $10 per year. Cheap as chips.

Have they fixed the problem they had with modifying data while offline?

Their password system is as nothing is stored on their servers.

https://1passwordstatic.com/files/security/1password-white-paper.pdf

They do store passwords in the online database, but they're only ever decrypted on your hardware, so an attacker would only get a chunk of encrypted data by breaking into 1Password's servers.

 

[killerbyte]

Those who use Lastpass; does it have an encryption key like 1Password does?

With 1Password I must have my username, password and secret key or else I cannot access my account at all.

 

[My_King]

Yup that's how it works. One way encryption, you need your private key to decrypt, and that is not available to the 3rd party.

That's not what was said, "As long as you are the only one who can encrypt it."

I can also steal information and encrypt it again.

As long as I am the only one who can decrypt it will be better.

 

[shaggy_beef_on_a_tricycle]

Only one who can decrypt it?

Decrypt, yes.

 

[Sinbad]

Those who use Lastpass; does it have an encryption key like 1Password does?

With 1Password I must have my username, password and secret key or else I cannot access my account at all.

User, password, 2fa and an email confirmation with action required if you try to access it from an unfamiliar location.

 

[shaggy_beef_on_a_tricycle]

That's not what was said, "As long as you are the only one who can encrypt it."

I can also steal information and encrypt it again.

As long as I am the only one who can decrypt it will be better.

Spelling error. All is going to be okay. I promise. Will take them a couple million years to gain access to encrypted info from so many users.

 

[backstreetboy]

Have they fixed the problem they had with modifying data while offline?

Why would you want to do that? Will just result in lost updates.