Topic: LastPass threat actor steals $5.4M from victims just a week before Xmas (Read 121 times)

hero member
Activity: 1442
Merit: 775
I really haven't trusted LastPass since the beginning. My company uses it, that's why I am forced to use it as well. But now, after reading this, I am uninstalling it.
I'll stick to using KeePass, or some open-source password manager which has already proven itself over the many years that I have been using them, and everything is safe and sound.
[GUIDE] How to Create a Strong/Secure Password.

It is your topic that I like, but I think it's time for you to update it and add a note about LastPass. It can help many newbies get early warnings from senior members like you about possible risk from LastPass, and can help them pick better password manager software by avoiding LastPass in their option list.
legendary
Activity: 2534
Merit: 1397
I really haven't trusted LastPass since the beginning. My company uses it, that's why I am forced to use it as well. But now, after reading this, I am uninstalling it.
I'll stick to using KeePass, or some open-source password manager which has already proven itself over the many years that I have been using them, and everything is safe and sound.
hero member
Activity: 1442
Merit: 775
There might be some that are foolish enough to use LastPass despite what happened in the past, but I also believe that there are some newbies out there who searched for a password manager and the first thing that they saw was LastPass.

Just like on this one: https://hub.easycrypto.com/best-password-managers. If you searched on Google, this is what will show:
I will get my advice for password managers from https://www.privacytools.io/secure-password-manager.

It's shady and bad to see LastPass appear at the top of the search results. Many people will be fooled by this bad search result for the best password managers to use.

Newbies need to search for more details and reviews about LastPass, or any password manager, after they are given it at the top of the search results. If they're careful, they will do this next search.

Search for "last pass password manager hack history" and some bad results about LastPass will be given.
https://en.wikipedia.org/wiki/LastPass
Quote
LastPass suffered significant security incidents between 2011 and 2022. Notably, in late 2022, user data, billing information, and vaults (with some fields encrypted and others not) were breached, leading many security professionals to call for users to change all their passwords and switch to other password managers.

Last Pass breach timeline.
Examining the LastPass Breach Through our Password Table

If they did it and saw this bad history, they would not likely use LastPass.
legendary
Activity: 2576
Merit: 1043
Why are people like this? Why is something that can be used to access your money stored online? Also, since the LastPass vulnerability two years and many months ago, why are people still so foolish?
There might be some that are foolish enough to use LastPass despite what happened in the past, but I also believe that there are some newbies out there who searched for a password manager and the first thing that they saw was LastPass.

Just like on this one: https://hub.easycrypto.com/best-password-managers. If you searched on Google, this is what will show:

LastPass is the first one to show, and since most newbies will just take the first one, and use it without doing some research, they are most likely the ones that will fall into this. This is why whenever we want to use something for the first time especially when it is related to cryptocurrency, doing some proper research would be very helpful. Anyway, it's just sad that there are people that lost their money a few days before the holiday season. What a bad way to end the year, eh?
member
Activity: 97
Merit: 43
Are people still using LastPass? Since what happened in 2022, I do not think anyone should still be using this password manager. Who is to blame? Not reading the news or storing your keys on an online manager.
It must be non-custodial on our own device, or best offline, like a Bitcoin wallet or cryptocurrency wallet. It needs to be open source too. Storing passwords online is very dangerous because we cannot trust any third party to save passwords for us.

Some better password manager software:
Proton pass: https://proton.me/pass/download
Keepass: https://keepass.info/download.html
Password safe: https://pwsafe.org/
KeepassXC: https://keepassxc.org/download/#windows
Bitwarden: https://bitwarden.com/download/
sr. member
Activity: 1022
Merit: 363
Are people still using LastPass? Since what happened in 2022, I do not think anyone should still be using this password manager. Who is to blame? Not reading the news or storing your keys on an online manager.

The notorious LastPass hackers may have just ruined Christmas for another 40 victims by stealing $5.36 million from LastPass users — just eight days before the holiday.

Why are people like this? Why is something that can be used to access your money stored online? Also, since the LastPass vulnerability two years and many months ago, why are people still so foolish?

Since this platform is still in operation, I really think that there are still people using this platform. I guess the problem starts with the laziness of people. They just want to copy-paste everything, that's why they choose to use that platform.

Incidents like data breaches, and the same situation that happened in this case you pointed out here, should be the reason why people should avoid using any password manager like LastPass.

People need to stay updated on the latest news, since if they fool around and just let those events pass, then there's a much bigger chance for them to get compromised, just like what happened here.
legendary
Activity: 2184
Merit: 1302
This attack is also linked to the security breach that happened in 2022. It is shocking that people still have their seed phrase stored in LastPass even after the incident and the ones that followed after it, that is both in October last year and early this year.

I have never stored my seed phrase in a password manager before, but I cannot understand how people wouldn't move their assets to a new wallet after the password manager they use suffered a serious security breach two years ago. Unbelievable.
hero member
Activity: 3024
Merit: 745
That's the truth about life, mate; no matter how much we speak of protecting our keys, some people will still make the mistake of storing them the wrong way. We can't stop it all. Every day, newbies are rushing into the market with no idea of the right way to keep their coins safe. So long as they are making money, that's their own concern. It's so sad that some still fell victim to the LastPass scam after what happened the last time. Though with this, there will be more awareness of the vulnerability of such online password managers. Let's all be safe.
That is nothing but the truth. Advocates of keeping safe storage for their keys, crypto assets and other information have been here, but if the victims are not savvy enough to research how to keep themselves safe, then they have no idea how to store their coins well. They'd just rely on a service that they believe to be protecting their assets. And for keeping passwords and other important details, all you have to do is to keep that private, and there's no need to actually use some apps for it. I'd still do the traditional way of writing to make myself busy, and at least that's what I think is the safest.
sr. member
Activity: 602
Merit: 295
Are people still using LastPass? Since what happened in 2022, I do not think anyone should still be using this password manager. Who is to blame? Not reading the news or storing your keys on an online manager.

Why are people like this? Why is something that can be used to access your money stored online? Also, since the LastPass vulnerability two years and many months ago, why are people still so foolish?

One thing I have said is that many people are definitely just too ignorant about their holdings; they don’t care much about all these things. LastPass isn’t the only thing the crypto community has been warned against; other warnings have been about keeping funds on centralized exchanges, and they still do not heed the advice; rather, some blindly support the idea that it wouldn’t happen to bigger exchanges. Another example is the Ledger wallet, which is still being used even with their poor recovery policy. One thing I know is that many people prioritize comfort over what is actually right for them. They want the easiest option, which we all know in crypto is a very risky choice because it is mostly the hot storage methods which are easy. So I am not utterly surprised about this hack.
sr. member
Activity: 700
Merit: 470
Are people still using LastPass? Since what happened in 2022, I do not think anyone should still be using this password manager. Who is to blame? Not reading the news or storing your keys on an online manager.
The truth is that if you aren't accountable and aren't able to protect your own details, then why are you in cryptocurrency in the first place? One key functionality of cryptocurrency is that you become your own bank; how can you be your own bank when you can save something like your keys and require an online manager? Anyone doing this should just make use of the bank.

This is also an issue, but I have to admit that maybe using a password manager might be overall a bad idea, but an online manager should be an obvious no for storing funds or any important data.

Although I will say they ought to be blamed, since after all this password manager suffered the data breach in 2022 and they continued to use the same keys they were using at that time. Unless this occurred through a new data breach, I won't put much blame on LastPass. But when it comes to finance or any confidential data, "once beaten, twice shy" is a good motto, because after their first data breach happened I expected no one to be using their services for such, and even if they really love the password manager, things about confidential data and finance should be a no on it.
sr. member
Activity: 1288
Merit: 231
Why are people like this? Why is something that can be used to access your money stored online? Also, since the LastPass vulnerability two years and many months ago, why are people still so foolish?
People are just too lazy to take care of their own security themselves; ignorance, they said, is a disease. They feel since it's a company with a big name in the past, they are safe with leaving their key with them. Not your key, not your coin, but in such a case it's now the key of the masses since it's now in the hands of a third party.

Instead of using a non-custodial wallet and still entrusting my private key to an online security service, I would rather use a centralised exchange where I know I don't have control of my coins, but I beg the exchange for permission before I use it.
sr. member
Activity: 420
Merit: 253
Are people still using LastPass? Since what happened in 2022, I do not think anyone should still be using this password manager. Who is to blame? Not reading the news or storing your keys on an online manager.

The notorious LastPass hackers may have just ruined Christmas for another 40 victims by stealing $5.36 million from LastPass users — just eight days before the holiday.

Why are people like this? Why is something that can be used to access your money stored online? Also, since the LastPass vulnerability two years and many months ago, why are people still so foolish?
The truth is not everyone is as informed as the majority of us on this forum. I have fallen victim to a scam before and it is not something funny, so I completely understand that scammers will always exploit the vulnerability and ignorance of some people. One thing is certain, people will learn from the mistakes of others because hacking and these kinds of things will always happen; we should just endeavor not to be the victim of such by protecting ourselves and our resources. Using a third-party platform to manage secret information is a grave mistake and I hope people learn very fast.

You are right to some extent, because you can't tell me that somebody will be making use of a site for a long time and not be able to have a quality knowledge of what they are getting involved in, because most of these victims are not newbies but people who already know the risk associated with storing their passwords with an online password manager, because even though it seems like you are the only one that has access to your passwords since they are encrypted, there is still a possibility of a compromise, just as has happened to these 40 victims.

In this modern day, will someone still trust any platform to help keep their passwords safe for them? It's really very risky. Ignorance shouldn't be an excuse anymore, because anyone who has access to the internet must have been exposed to the risk associated with anything related to online, as they are vulnerable to attacks and hacks. The problem is just that even though these people have fallen victim, some others still won't learn till they become victims themselves.
sr. member
Activity: 336
Merit: 365
Why are people like this? Why is something that can be used to access your money stored online? Also, since the LastPass vulnerability two years and many months ago, why are people still so foolish?

That's the truth about life, mate; no matter how much we speak of protecting our keys, some people will still make the mistake of storing them the wrong way. We can't stop it all. Every day, newbies are rushing into the market with no idea of the right way to keep their coins safe. So long as they are making money, that's their own concern. It's so sad that some still fell victim to the LastPass scam after what happened the last time. Though with this, there will be more awareness of the vulnerability of such online password managers. Let's all be safe.
hero member
Activity: 546
Merit: 516
Are people still using LastPass? Since what happened in 2022, I do not think anyone should still be using this password manager. Who is to blame? Not reading the news or storing your keys on an online manager.

The notorious LastPass hackers may have just ruined Christmas for another 40 victims by stealing $5.36 million from LastPass users — just eight days before the holiday.

Why are people like this? Why is something that can be used to access your money stored online? Also, since the LastPass vulnerability two years and many months ago, why are people still so foolish?
The truth is not everyone is as informed as the majority of us on this forum. I have fallen victim to a scam before and it is not something funny, so I completely understand that scammers will always exploit the vulnerability and ignorance of some people. One thing is certain, people will learn from the mistakes of others because hacking and these kinds of things will always happen; we should just endeavor not to be the victim of such by protecting ourselves and our resources. Using a third-party platform to manage secret information is a grave mistake and I hope people learn very fast.
hero member
Activity: 1666
Merit: 709
Are people still using LastPass? Since what happened in 2022, I do not think anyone should still be using this password manager. Who is to blame? Not reading the news or storing your keys on an online manager.
The truth is that if you aren't accountable and aren't able to protect your own details, then why are you in cryptocurrency in the first place? One key functionality of cryptocurrency is that you become your own bank; how can you be your own bank when you can save something like your keys and require an online manager? Anyone doing this should just make use of the bank.
legendary
Activity: 1064
Merit: 1298
Are people still using LastPass? Since what happened in 2022, I do not think anyone should still be using this password manager. Who is to blame? Not reading the news or storing your keys on an online manager.

The notorious LastPass hackers may have just ruined Christmas for another 40 victims by stealing $5.36 million from LastPass users — just eight days before the holiday.

Why are people like this? Why is something that can be used to access your money stored online? Also, since the LastPass vulnerability two years and many months ago, why are people still so foolish?