Topic: LastPass hack - move your crypto assets to a more secure place right now! - page 2. (Read 514 times)
November 01, 2023, 06:23:59 AM
That's why I keep my seed phrase and password from OWNR wallet on paper. You never want to keep things like that online. My social media data is in Excel, but I wouldn't feel safe to keep my seed phrase like that.
November 01, 2023, 05:43:53 AM
I used to use LastPass as primary password manager, couple months ago I moved everything sensitive after reading Taylor Monahan's tweet, she mentioned LastPass was common link in drained accounts long before ZackXBT that you have quoted, it's just that she was unsure then if it was really the cause.
I had to manually move entries, because lastpass export does not work correctly, entries kept missing. I wonder myself why did I use this password manager who can't get basic thing right.
I had to manually move entries, because lastpass export does not work correctly, entries kept missing. I wonder myself why did I use this password manager who can't get basic thing right.
November 01, 2023, 05:36:08 AM
I am just coming across this news right now, and need i say that this is absolutely shocking? This is indeed shocking, as I myself have been a very active user of LastPass all through 2018 to (i think 2021), and even up until now, some of the passwords to my email addresses are still passwords obtained from LastPass.
I sure have not noticed anything like a hack on any of my emails but i guess this is a warning for me to change them, though i am no longer using LastPass, but somehow, i think this passwords may still be on their platform, thank you OP for bringing this topic up here, this is indeed a wakeup call for us all, i also will be working on buying my first hardware wallet, all this online hacks have become one too many to not give attention to.
I sure have not noticed anything like a hack on any of my emails but i guess this is a warning for me to change them, though i am no longer using LastPass, but somehow, i think this passwords may still be on their platform, thank you OP for bringing this topic up here, this is indeed a wakeup call for us all, i also will be working on buying my first hardware wallet, all this online hacks have become one too many to not give attention to.
I'm also a fan of Lastpass but this isn't the first time they've been hacked and their customer data stolen. Almost every year I hear about this password manager being hacked and I have given up on it since 2020 until now. It's the worst app I've ever used.
Well, I wouldn't exactly say LastPass is the worst app I've ever used, because it did many things right. Their password generation and seamless integration with browsers was great. But that's worthless if your private info gets compromised.
If you still use this password manager (or did in the past but reuse those passwords), the best course of action would be to switch to something like KeePassXC or KeePass2. And change all the passwords LastPass saved, like right now. If this news about hacked wallets connects to LastPass's hack last year there's no telling what other info could get exposed later. Things may look okay today but your credentials are still at risk.
I'm not a tech person, but can you help me understand a little, what's the difference between Lastpass and these applications? Currently, I'm using bitwarden password manager and it's also open source, but I don't know if it's more secure enough than Lastpass. In addition, I saw that the reddit community recently announced that the most voted application is Totalpassword, do you know about it?
Of course, I use them to store passwords because memorizing or storing hundreds of passwords manually is not easy, and I never use it to store my seed phrases.
November 01, 2023, 04:32:03 AM
I am just coming across this news right now, and need i say that this is absolutely shocking? This is indeed shocking, as I myself have been a very active user of LastPass all through 2018 to (i think 2021), and even up until now, some of the passwords to my email addresses are still passwords obtained from LastPass.
I sure have not noticed anything like a hack on any of my emails but i guess this is a warning for me to change them, though i am no longer using LastPass, but somehow, i think this passwords may still be on their platform, thank you OP for bringing this topic up here, this is indeed a wakeup call for us all, i also will be working on buying my first hardware wallet, all this online hacks have become one too many to not give attention to.
I sure have not noticed anything like a hack on any of my emails but i guess this is a warning for me to change them, though i am no longer using LastPass, but somehow, i think this passwords may still be on their platform, thank you OP for bringing this topic up here, this is indeed a wakeup call for us all, i also will be working on buying my first hardware wallet, all this online hacks have become one too many to not give attention to.
I'm also a fan of Lastpass but this isn't the first time they've been hacked and their customer data stolen. Almost every year I hear about this password manager being hacked and I have given up on it since 2020 until now. It's the worst app I've ever used.
Well, I wouldn't exactly say LastPass is the worst app I've ever used, because it did many things right. Their password generation and seamless integration with browsers was great. But that's worthless if your private info gets compromised.
If you still use this password manager (or did in the past but reuse those passwords), the best course of action would be to switch to something like KeePassXC or KeePass2. And change all the passwords LastPass saved, like right now. If this news about hacked wallets connects to LastPass's hack last year there's no telling what other info could get exposed later. Things may look okay today but your credentials are still at risk.
November 01, 2023, 03:29:57 AM
I am just coming across this news right now, and need i say that this is absolutely shocking? This is indeed shocking, as I myself have been a very active user of LastPass all through 2018 to (i think 2021), and even up until now, some of the passwords to my email addresses are still passwords obtained from LastPass.
I sure have not noticed anything like a hack on any of my emails but i guess this is a warning for me to change them, though i am no longer using LastPass, but somehow, i think this passwords may still be on their platform, thank you OP for bringing this topic up here, this is indeed a wakeup call for us all, i also will be working on buying my first hardware wallet, all this online hacks have become one too many to not give attention to.
I sure have not noticed anything like a hack on any of my emails but i guess this is a warning for me to change them, though i am no longer using LastPass, but somehow, i think this passwords may still be on their platform, thank you OP for bringing this topic up here, this is indeed a wakeup call for us all, i also will be working on buying my first hardware wallet, all this online hacks have become one too many to not give attention to.
I'm also a fan of Lastpass but this isn't the first time they've been hacked and their customer data stolen. Almost every year I hear about this password manager being hacked and I have given up on it since 2020 until now. It's the worst app I've ever used.
Owning a hardware wallet is definitely something any bitcoin investor should do. But what's more important in this story is that we should never store seed phrases or important things using online storage services. The risks of online storage are too great and we should not risk it just for the sake of convenience.
legendary
Activity: 2422
Merit: 1083
Leading Crypto Sports Betting & Casino Platform
November 01, 2023, 03:16:47 AM
I am just coming across this news right now, and need i say that this is absolutely shocking? This is indeed shocking, as I myself have been a very active user of LastPass all through 2018 to (i think 2021), and even up until now, some of the passwords to my email addresses are still passwords obtained from LastPass.
I sure have not noticed anything like a hack on any of my emails but i guess this is a warning for me to change them, though i am no longer using LastPass, but somehow, i think this passwords may still be on their platform, thank you OP for bringing this topic up here, this is indeed a wakeup call for us all, i also will be working on buying my first hardware wallet, all this online hacks have become one too many to not give attention to.
I sure have not noticed anything like a hack on any of my emails but i guess this is a warning for me to change them, though i am no longer using LastPass, but somehow, i think this passwords may still be on their platform, thank you OP for bringing this topic up here, this is indeed a wakeup call for us all, i also will be working on buying my first hardware wallet, all this online hacks have become one too many to not give attention to.
November 01, 2023, 02:53:13 AM
Dang~~~ Lesson learned once again. Hackers will always be there look at the weakness and its our task to safe guard our passcodes. It is sad that maybe owners use hardware wallet yet they still put their keys online what's the point in doing so. That might be their retirement or future of their children that we are talking about, nevertheless let's just learn once again on this kind of incidents.
October 31, 2023, 08:08:29 PM
I'm on an iphone and do you have any app suggestions for iOS devices since I don't see KeePassXC for iOS or Android?
KeePassXC is like a total rewrite of the original KeePass password manager. The developers rewrote everything from scratch so it could work natively on Linux, Windows, and Mac instead of just Windows. But turns out the developers decided not to make their own mobile app because there's already some really good KeePass apps for Android and iPhone.
For Android, they recommend KeePassDX or KeePass2Android. Both seem solid based on reviews.
And on iPhone Strongbox or KeePassium are their top picks. I checked out Strongbox briefly and it looked slick and simple to use.
Anyway, the key thing is that all these mobile apps are open source and compatible with KeePassXC. So they can sync up and work together nicely.
October 31, 2023, 07:14:59 PM
I remember someone in the forum suggesting Lastpass to use to secure their password way back years ago. Luckily, I did not follow that suggestion. For me, any online storage has a high possibility of getting hacked. If it is secure today, we don't know if it is still secure in the next years. Hackers are getting smarter by the day, if the security does not evolve then it is more likely that it can be breached one day. Just like what happens in LastPass.
One lesson should be learned here, storing anything in cloud services is susceptible to hacking so we shoul avoid using this kind of service if we can.
One lesson should be learned here, storing anything in cloud services is susceptible to hacking so we shoul avoid using this kind of service if we can.
October 31, 2023, 06:55:35 PM
This is sad but whoever stores their crypto backups / seeds / passwords to wallets etc in an ONLINE password manage totally misunderstood tthe self-custody aspect of crypto / Bitcoin.
I still believe password managers do have some value - for throwaway logins or stuff that is just very convenient to access via some basic account. Anythign related to your identity or any real value does not belong there however.
Also, I do believe there are hardware solutions - didn't Trezor have a built-in password manager? Not sure if they continued this service, though
I still believe password managers do have some value - for throwaway logins or stuff that is just very convenient to access via some basic account. Anythign related to your identity or any real value does not belong there however.
Also, I do believe there are hardware solutions - didn't Trezor have a built-in password manager? Not sure if they continued this service, though
I believe that not all of these people had their seeds in LastPass. Some of them might have their exchange and email logins and passwords. This allowed the attackers to access their exchange accounts and withdraw money.
Currently people are holding cryptocurrencies on lending and staking platforms as well and it's enough to have access to email account to reset password on these sites and withdraw funds, since the confirmation often comes to that same email.
Also, don't underestimate people. They still fall victim to emails sent by Nigerian princes and send money to new investment platforms promoted by Elon Musk and Jeff Bezos
That is my thinking too. It has been over a year since the LastPass hack happened. There is no telling what kind of data the hackers got their hands on in that time and id bet the farm that the database has spread all over the dark web at this point, with hundreds or maybe thousands of shady characters trying to crack it and to get into those accounts.
I bet most LastPass users probably didnt even know their info was stored in the cloud. Your average LastPass user likely isnt tech savvy. They installed the extension without thinking twice about where their data would go. The browser extension works in the background - and not much different than the built-in password manager. And let us not forget that LastPass was supposed to be mega secure too. Tons of pros said it was top of the line. Whether thats true or not, LastPass was definitely the popular choice for managing passwords.
Anyway, anyone who doesn't notice their BTC or Crypto assets stolen from this LastPass hack, doesn't really really care about their asset. This is also a why, why notifications and authentication apps be used so as to assure safety of any crypto based asset of such.
October 31, 2023, 05:55:06 PM
This is sad but whoever stores their crypto backups / seeds / passwords to wallets etc in an ONLINE password manage totally misunderstood tthe self-custody aspect of crypto / Bitcoin.
I still believe password managers do have some value - for throwaway logins or stuff that is just very convenient to access via some basic account. Anythign related to your identity or any real value does not belong there however.
Also, I do believe there are hardware solutions - didn't Trezor have a built-in password manager? Not sure if they continued this service, though
I still believe password managers do have some value - for throwaway logins or stuff that is just very convenient to access via some basic account. Anythign related to your identity or any real value does not belong there however.
Also, I do believe there are hardware solutions - didn't Trezor have a built-in password manager? Not sure if they continued this service, though
I believe that not all of these people had their seeds in LastPass. Some of them might have their exchange and email logins and passwords. This allowed the attackers to access their exchange accounts and withdraw money.
Currently people are holding cryptocurrencies on lending and staking platforms as well and it's enough to have access to email account to reset password on these sites and withdraw funds, since the confirmation often comes to that same email.
Also, don't underestimate people. They still fall victim to emails sent by Nigerian princes and send money to new investment platforms promoted by Elon Musk and Jeff Bezos
That is my thinking too. It has been over a year since the LastPass hack happened. There is no telling what kind of data the hackers got their hands on in that time and id bet the farm that the database has spread all over the dark web at this point, with hundreds or maybe thousands of shady characters trying to crack it and to get into those accounts.
I bet most LastPass users probably didnt even know their info was stored in the cloud. Your average LastPass user likely isnt tech savvy. They installed the extension without thinking twice about where their data would go. The browser extension works in the background - and not much different than the built-in password manager. And let us not forget that LastPass was supposed to be mega secure too. Tons of pros said it was top of the line. Whether thats true or not, LastPass was definitely the popular choice for managing passwords.
October 31, 2023, 01:12:06 PM
This is sad but whoever stores their crypto backups / seeds / passwords to wallets etc in an ONLINE password manage totally misunderstood tthe self-custody aspect of crypto / Bitcoin.
I still believe password managers do have some value - for throwaway logins or stuff that is just very convenient to access via some basic account. Anythign related to your identity or any real value does not belong there however.
Also, I do believe there are hardware solutions - didn't Trezor have a built-in password manager? Not sure if they continued this service, though
I still believe password managers do have some value - for throwaway logins or stuff that is just very convenient to access via some basic account. Anythign related to your identity or any real value does not belong there however.
Also, I do believe there are hardware solutions - didn't Trezor have a built-in password manager? Not sure if they continued this service, though
I believe that not all of these people had their seeds in LastPass. Some of them might have their exchange and email logins and passwords. This allowed the attackers to access their exchange accounts and withdraw money.
Currently people are holding cryptocurrencies on lending and staking platforms as well and it's enough to have access to email account to reset password on these sites and withdraw funds, since the confirmation often comes to that same email.
Also, don't underestimate people. They still fall victim to emails sent by Nigerian princes and send money to new investment platforms promoted by Elon Musk and Jeff Bezos
October 31, 2023, 10:42:48 AM
I'm on an iphone and do you have any app suggestions for iOS devices since I don't see KeePassXC for iOS or Android?
I just went through KeePassXC website and it's not supported on mobile. KeePass, Padloc and Passbolt are open sourced password managers that are available on mobile versions. You can use them to save your passwords but I wouldn't advise you to save your seed phrase or private keys on them. For maximum security, anything seed phrase or private keys should be kept offline.Also, I just visited KeePassXC's website, they don't have a mobile version but they directly recommend apps for 2 popular phone operating systems. Strongbox and KeePassium for iOS, KeePassDX and KeePass2Android for Android operating system. I haven't tried these apps yet but it's worth a try. But even if they are open source and secure, we should never store important things like private keys there. As for the seed phrase and private key, there is no safer way to store them than keeping them offline at all times.
October 31, 2023, 10:06:28 AM
It seems crazy to me why anyone would store such large amount of assets in a password manager
that is widely known to have serious security issues. Do people not read the news?
LassPass is not a wallet so no assets were kept their. They victims stored their seed phrase and private keys on the password manager which was compromised when LassPass got hacked.that is widely known to have serious security issues. Do people not read the news?
I'm on an iphone and do you have any app suggestions for iOS devices since I don't see KeePassXC for iOS or Android?
I just went through KeePassXC website and it's not supported on mobile. KeePass, Padloc and Passbolt are open sourced password managers that are available on mobile versions. You can use them to save your passwords but I wouldn't advise you to save your seed phrase or private keys on them. For maximum security, anything seed phrase or private keys should be kept offline. October 31, 2023, 06:46:34 AM
Such a disappointing product and service, I know that it's inevitable that breaches will happen but given that they've got breached so easily, it's just disappointing to me as I like the idea of password managers to help you in securing your accounts by having a diverse password without the worry of forgetting the access but it seems that things for me is going to change, you can't trust what they sell anymore, I guess I'm back to using pen and paper storage for my passwords. Christmas came early for these hackers with how much they've stolen from the users of LastPass.
October 31, 2023, 06:08:14 AM
Also if you even think about storing sensitive things like seed phrases online, you better encrypt it with a second layer of encryption such as GPG. There's no way anyone is ever going to break through that if you secure it properly. But still move your funds anyway if you can do it safely.
Adding a second layer of encryption would be good, but for a long time I have thought that the vulnerability is in Chrome extensions or other extensions. They are cute and add features to browsing, but they are bad in terms of privacy, and I honestly do not know how hackers can benefit from services like LastPass if they recommend that users add a second layer of encryption.I have a theory that they are selling data and covering it up by saying that the service has been hacked.
A password manager selling its own vaults which leads to major losses for its own customers? That's a bit far fetched if you ask me, because if that were true, it would certainly mean the end of LastPass (if not already).
As far as extensions go, you need to somehow make sure that first you download the real, authentic version, and I'm not really sure of the process for which to verify the signatures of what you are downloading. At least not for stuff on the Chrome Web Store.
October 31, 2023, 05:22:01 AM
Also if you even think about storing sensitive things like seed phrases online, you better encrypt it with a second layer of encryption such as GPG. There's no way anyone is ever going to break through that if you secure it properly. But still move your funds anyway if you can do it safely.
Adding a second layer of encryption would be good, but for a long time I have thought that the vulnerability is in Chrome extensions or other extensions. They are cute and add features to browsing, but they are bad in terms of privacy, and I honestly do not know how hackers can benefit from services like LastPass if they recommend that users add a second layer of encryption.I have a theory that they are selling data and covering it up by saying that the service has been hacked.
LastPass password manager is closed source and I don't know why someone would trust such app with the safe storage of his/her seed phrase, private keys and other sensitive information.
People care about synchronization more than whether the service is closed or open source. People want to access all services from all devices without leaving the password for each device. 
October 31, 2023, 04:29:52 AM
So LastPass is that password manager where you can store all your passwords and stuff securely online.
There is nothing too good when keeping the asset online. whatever it's; data, password, money, and especially crypto, there is no point when we still keep and believe the application online. the example above (LastPass) is a small thing that we often hear. So when you are active on media social, you will hear more than above. Many users on media social did not exploit it because they were embarrassed and didn't want to look stupid. They still believe the cloud or any application password online is saving them from oblivion, but in fact it is not really safe instead it makes him lose even more. I don't know why people today are so lazy to write down passwords on paper, even if it's safer and they don't need money to subscribe to the application.
Maybe for some accounts that doesn't deal with any financial matters then we can use those password manager to help us out store our password. But for using it to safekeep our important accounts which our money is there well I really have doubts about future security of those apps since we don't know how they will end up on future so usually on case like this I would rather use notebook and write all important information like password,private key and etc, then put it on my small vault for security. Really to bad there are still people believing its safe since anything could happen on online apps whatever they say its secured and can't get hack.
People should not be lazy regarding dealing on their important accounts so that they would not regret the past actions and will not worry about any hacking especially if something hacking issues like this happen to a platform.
October 31, 2023, 04:11:54 AM
This situation is really annoying! This is yet another break, loss, or breach of trust that we are talking about. LastPass was meant to be a stronghold, but it was broken into, and the results were terrible. Thats a lot of crypto lost for nothing. A fake sense of safety? It gets old and annoying hearing about security leaks over and over again.
Because of this event, we need to take a hard look at our security measures and make some changes. Moving assets isnt enough; we need to completely rethink how we do things. Hardware wallets add an extra level of protection and control that is badly needed. People are being seriously asked to step up and protect possessions. We shouldnt be lazy. Lets act, protect, and secure.
Because of this event, we need to take a hard look at our security measures and make some changes. Moving assets isnt enough; we need to completely rethink how we do things. Hardware wallets add an extra level of protection and control that is badly needed. People are being seriously asked to step up and protect possessions. We shouldnt be lazy. Lets act, protect, and secure.
October 31, 2023, 03:32:28 AM
✂️
So LastPass is that password manager where you can store all your passwords and stuff securely online.
✂️
Can you imagine logging in one day and seeing your entire crypto portfolio gone?!
✂️
So LastPass is that password manager where you can store all your passwords and stuff securely online.
✂️
Can you imagine logging in one day and seeing your entire crypto portfolio gone?!
✂️
It certainly does keep happening, I cant believe that firstly someone or a group of
people would offer this service and secondly that other people would actually
use it and put 100% faith into a platform just because they said it was a secure
way to store your info and out of laziness.
I wonder if those people who got hacked had a face palm moment when they realised
the error they made in not taking full control of their info.
Jump to: