LastPass users warned their master passwords are compromised

mk76

 
3 users are not equal to the LastPass userbase, which is more than 30 million. They probably got their master password leaked somewhere. In any case, the login attempts were blocked since they were not logging in from approved devices.
 
Tbh even I have felt that some of my passwords do get leaked once I have them on LastPass. I've even received scam emails stating my password to extort money out of me in one way or the other.
 
Keeping passwords on the cloud is equivalent to leaving your passwords in a book at the railway station.
That is so wrong and so misleading.

It's fine if you feel it's not secure enough and don't want to use it, but don't use sound-bites to make it sound like a fact. Companies and engineers have spent years working on cryptography to make your data secure. The current structure of password managers is such that even if someone gets hold of LastPass/Bitwarden's database, they won't be able to get your password. Your password is only ever readable locally on the device on which you've logged in.

The only way for someone to get your password is for you to give them your master password.

A correct equivalence would be to have a hypothetical unbreakable box in a bank locker. The bank may get robbed, but your box won't open unless someone gets your key.

Unfortunately, a lot of people don't understand how to keep their master key secure.
 
I had an old LastPass account and forgot about it.
Now trying to get hold of it but unable to reset.
Can I ask them to delete the account using any other method?
 
Look at their help section; there was some information on deleting an account without knowing the password. I didn't read it though because I had my password.
This has got me kind of paranoid, does anyone know if onekey is safe? I've been using it since last year
This is an offline password manager. What is your concern with this?

One has to remember that no online or offline data is 100% hack proof, no matter what you do. Ultimately you have to strike a balance between security and convenience, a balance which works for you. For me, having an online password manager like Bitwarden, secured with a good long password, a dedicated email id, and TOTP based 2FA is a good balance. It's fairly secure, unless I myself do something stupid, and really convenient - no worries about manually syncing stuff, available everywhere, and an almost bug-free experience.
 