Another LastPass Security Incident

Ice Tea · 30 Dec 2022 at 08:04

Dixons Carphone fined after hackers 'targeted 14 million customers'

The company says it plans to appeal some of the findings of the investigation by the Information Commissioner's Office.

news.sky.com

caff said:
I don't want to be bullish, but I think every convenient/easy password manager service out there is susceptible to hacks or breaches like this.

I have very mixed feelings as large breaches like lastpass (or the one above for example) have happened and will happen and the only control we have is to change our passwords as we have no control over all the computers that hold our personal information for billing and such yet its hard to ignore the feeling that lots of people have of Panic!, Panic! , Panic! , dig trenches, setup laser turrets, we are all completely ******!

Ice Tea · 30 Dec 2022 at 08:20

GaryTheSnail said:
They should have good enough devs to be able to keep the holes closed IMO. Password vaults should be 100% secure.

If they can't make SSL https links 100% secure that started heartbleed then it doesn't give much hope for a 100% secure vault as SSL is the second biggest project on the internet, has the most amount of devs checking over the code and has had millions spent on it thanks to the likes of Google and Microsoft in security audits.

They always say the worst security is on the inside and that certainly true for Lastpass and SSL as both have been breached due to the dev side of things.

Ice Tea · 15 Jan 2023 at 13:09

NortonLifeLock warns that hackers breached Password Manager accounts

Gen Digital, formerly Symantec Corporation and NortonLifeLock, is sending data breach notifications to customers, informing them that hackers have successfully breached Norton Password Manager accounts in credential-stuffing attacks.

www.bleepingcomputer.com

Never heard of that one before.