
Topic: LastPass hack - move your crypto assets to a more secure place right now! - page 4. (Read 514 times)

member
Activity: 266
Merit: 42
NO SHITCOIN INSIDE
This is why you should not use closed source software for storing any sensitive information like passwords.

Also why you should never use a hardware wallet that is NOT open source such as the Ledger hardware wallet, which had at least one or two data breaches in the past.

The moral of the story is -- stay far away from closed source products such as LastPass and Ledger!
legendary
Activity: 1526
Merit: 1359
The first thing anyone venturing into Internet related business should learn is security. By security, the issue of centralized and decentralized platforms should be taken seriously. This hack has just proven once again that centralized platforms are not safe no matter how one views it.

I honestly wonder how someone will save sensitive information in an online platform. Anything connected to the Internet is already at risk, how much sensitive information that is willingly given to a third party.

Well, their loss is a lesson to others and I hope they recover the funds.

But it is a password manager! The main thing they are supposed to do is keep people's private stuff safe. And LastPass was really popular and had a good reputation and tons of users, so how could they mess up security that bad? I mean sure there are better options like that KeePassXC, but you still gotta trust whoever makes it. I know it's open source so anyone can check the code, but not everyone can do that.

To be honest, I don't even know if there is a viable alternative to a password manager, since we all deal with hundreds of different passwords almost every day.
copper member
Activity: 1330
Merit: 899
🖤😏
So, people use online services to store their seed phrases/private keys? Ok, why don't you guys just give me your keys, I promise to keep them safe, whenever you want to access them, just give me the password, and I will let you access them.

I want to know what is the difference between me and LastPass? Fine, I know I can't be there for you 24/7, but the security of your private keys is equal to the security of LastPass, why? Because of the human element involved.

How can we educate people about this issue of trusting third parties with their funds? We'll grow white hair and die, people will continue to trust strangers, at least when you teach kids not to go with strangers they'd learn and listen, crypto community is less than kids in learning? Disappointment!
legendary
Activity: 2296
Merit: 1335
Don't let others control your BTC -> self custody
LastPass is hacked every year or so. I don't get why people use such software without doing any kind of research

LastPass is not safe.

Online password managers are great if you know what you're doing.
Some of the things I've safely used them for:
-burner emails
-news sites that required an account to see the content
-online stores where you can buy without registering, but an account allows me to monitor my package
-sites that I knew I wouldn't use, but wanted to check out

Why wouldn't I use a normal password?
Because I have maybe 4 that I use in different combinations like with dates and special signs and I don't want to compromise them because those are the ones I always remember.
For the rest of them I use generated passwords or things that come to my mind at the time. Say I eat chicken with rice so my password will be chickenrice66 or something like that.
I don't remember these passwords after a week or so, and the password manager comes in handy.
legendary
Activity: 3374
Merit: 3095
BTC price road to $80k
I have once backed up my phrase key in an online notepad platform called Evernote. I have used it for a couple of months and after some time my wallet was hacked. Some kind of script or something was implemented in my wallet. Every time I try to deposit any native token like ETH, BNB or BTC, they were automatically sent out to a specific wallet address that belongs to the hacker. After that I have done my research and found out that it is highly risky to keep any backup online.


That's pretty bad for storing sensitive keys. Any online site or 3rd party password manager always has risk and is vulnerable to any attacks.
I've used Evernote before for SEO purposes but not for storing any passwords or keys. It makes your notes public, or I think the owner of Evernote reads them.

The best storage for saving your seed backup or private keys digitally is by saving them into an offline device like old phones; an encrypted USB flash drive or CD/DVD is also good storage if you want to save your keys for the long term.
legendary
Activity: 3122
Merit: 1102
Leading Crypto Sports Betting & Casino Platform
Each of us would have a different view, but I think it will be a stupid decision to store your cryptographic credentials with a third party. I don't believe any third party when it's related financially. I don't even feel comfortable using a custodial wallet. Why should we hand over our wallet credentials to a third party? Can't we write our wallet credentials in our personal notebook? If we can't secure our wallet credentials, then we don't have the right to use crypto. There are many trusted non-custodial wallets, but we need to secure the seed phrase. Otherwise, we can't secure our funds anyway. However, this is a lesson and an important notice for crypto users. Just avoid such actions.

People need to learn their lessons the hard way before they will come to their senses that using third party platforms is not the way to secure their funds or any other asset. It is always best to have total control of your assets by using noncustodial wallets. If you think you can't secure your seed phrases or passwords, maybe this asset is not for you. This is why I believe a lot are still opting to use traditional banks, because they don't want to be responsible for the security of their funds, and someone is taking care of the storage for them.
legendary
Activity: 1512
Merit: 4795
Leading Crypto Sports Betting & Casino Platform
With how LastPass has been since many months ago after hackers were able to have access to millions of users' encrypted backups, some people were still thinking something like this will not happen.

Probably many of the encrypted backups have been decrypted.

This has begun since August 22, 2022 and now finally.

https://www.kiplinger.com/personal-finance/lastpass-hack

Do not trust online backups because anything online can be hacked. Offline backups are secure enough.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
LastPass is hacked every year or so. I don't get why people use such software without doing any kind of research

LastPass is not safe.

Quote
https://www.pcworld.com/article/1419901/lastpass-got-hacked-again-and-this-time-your-data-got-taken.html

 An investigation has so far revealed that the breach stemmed from knowledge gained during the August 2022 incident, and that “certain elements of customers’ information” have been accessed.

..

LastPass has suffered hacks of its service in previous years, with notable incidents including 2015’s unauthorized access of user account email addresses, password reminders, and authentication hashes. Other security lapses include 2017’s browser extension vulnerability, which allowed websites to steal passwords. In 2019, the same security researcher who discovered the 2017 issue also discovered another browser extension vulnerability that allowed the last used password to be leaked. The company has even made communication bumbles, like security alert emails sent to customers unaffected by a credential stuffing attack.

And the list goes on!

I am now using ProtonPass, which I believe is a more serious company. But nobody should store seeds or private keys in a password manager.
hero member
Activity: 546
Merit: 516
The first thing anyone venturing into Internet related business should learn is security. By security, the issue of centralized and decentralized platforms should be taken seriously. This hack has just proven once again that centralized platforms are not safe no matter how one views it.

I honestly wonder how someone will save sensitive information in an online platform. Anything connected to the Internet is already at risk, how much sensitive information that is willingly given to a third party.

Well, their loss is a lesson to others and I hope they recover the funds.
legendary
Activity: 2282
Merit: 2196
Signature space for rent
Each of us would have a different view, but I think it will be a stupid decision to store your cryptographic credentials with a third party. I don't believe any third party when it's related financially. I don't even feel comfortable using a custodial wallet. Why should we hand over our wallet credentials to a third party? Can't we write our wallet credentials in our personal notebook? If we can't secure our wallet credentials, then we don't have the right to use crypto. There are many trusted non-custodial wallets, but we need to secure the seed phrase. Otherwise, we can't secure our funds anyway. However, this is a lesson and an important notice for crypto users. Just avoid such actions.
sr. member
Activity: 1008
Merit: 366
I have once backed up my phrase key in an online notepad platform called Evernote. I have used it for a couple of months and after some time my wallet was hacked. Some kind of script or something was implemented in my wallet. Every time I try to deposit any native token like ETH, BNB or BTC, they were automatically sent out to a specific wallet address that belongs to the hacker. After that I have done my research and found out that it is highly risky to keep any backup online.

Everything that is related to the internet, anything could happen to it at any time. It doesn't matter how secure it is or how much you trust the platform, it is not 100% sure that nothing will happen to it. Not your key, not your coin. So how can you trust your key to someone else? Online platforms are not immune to hacking. No matter how secure it is, if the right person chooses to hack it then of course he can. So be aware and make offline backups.

I don't have any online backup of my phrase key. So I have nothing to worry about.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
Nobody should be using an online password manager, especially when it comes to sensitive information like private keys. There is no reason to trust intermediaries when you have cryptography. Install KeePassXC on both your main computer and your mobile. Use a strong password to encrypt both password databases. Back them up. Both the database(s) (digitally) and the encryption pass (on paper).
member
Activity: 234
Merit: 50
Bad news, folks! I just saw this article about how a bunch of LastPass users got hacked and lost millions in crypto. So LastPass is that password manager where you can store all your passwords and stuff securely online. But they got breached last year when someone stole an employee's credentials, and since then, hackers have been targeting LastPass users who might have kept their crypto wallet info on there - private keys, seed phrases etc.

According to the article, at least 25 LastPass users were hit and the hackers made off with about $4.4 million in crypto across different blockchains - Bitcoin, Ethereum, BNB, Arbitrum, Solana, Polygon... and users' wallets got completely cleaned out in just one day. Can you imagine logging in one day and seeing your entire crypto portfolio gone?!

This is a wake up call if you've ever stored sensitive info like crypto keys on LastPass or similar services.  You gotta move your assets to a more secure spot, like a hardware wallet or something.  Seriously go do it! This stuff keeps happening over and over again. Don't be the next victim!

LastPass Hack Victims Lose $4.4M in a Single Day


https://x.com/zachxbt/status/1717901088521687330?s=20