More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

  • @DrCake@lemmy.world
    link
    fedilink
    English
    211 year ago

    I’m not 100% but I think Bitwarden actual encrypt the entire ‘password object’. So the url, username, password, and any notes. Lastpass didn’t/doesn’t encrypt the url so if anyone gets access to the vault, they have a list of websites where the person will have an account and can more accurately send phishing emails.

    • Fushuan [he/him]
      link
      fedilink
      English
      11 year ago

      It encrypts the entire vault iirc, not the objects themselves. The only thing a breach cound gain access to is the encrypted vault, the hashed master password and the master email.