LastPass security breach linked to $35 million stolen in crypto heists
www.theverge.com
Researchers found that almost every victim was a LastPass user.

More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

    • GreenBottlesEnglish
      2010 months ago

      I’d be willing to bet that people store their key phrases in the notes section in LastPass which was not encrypted at rest

      • @CoderKat@lemm.eeEnglish
        1310 months ago

        I’m sure they were encrypted. But attackers have the vaults and many people have bad passwords. Brute forcing these days is less about trying every combination and more about trying all known leaked passwords, because people reuse passwords like crazy and also just aren’t as original as they think.

        If you have millions of password vaults, I’m sure you can crack open a small number. And the ones you can crack are probably the most likely to not be following best practices, meaning it’s more likely they haven’t changed their passwords since the breach was announced a while back and they probably are less likely to have 2FA. 150 victims is such a tiny number for how many vaults were stolen when LastPass got compromised.

      • @hatchling@lemmy.worldEnglish
        710 months ago

        This is incorrect information. Notes are encrypted, just not their “type”. Unfortunately the most direct source for this is a reddit link, but here it is anyway.

    • @LufyCZ@lemmy.worldEnglish
      810 months ago

      This doesn’t say anything about crypto.

      It says everything about the users themselves.