More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

  • SeducingCamel@lemm.ee
    link
    fedilink
    English
    arrow-up
    91
    ·
    1 year ago

    Switched to bitwarden as soon as they tried to charge a sub for multiple devices, I see that was the right choice

    • meseek #2982@lemmy.ca
      link
      fedilink
      English
      arrow-up
      28
      arrow-down
      1
      ·
      edit-2
      1 year ago

      Are you not worried your vault is still on their servers? I feel most companies don’t delete shit. Most have ways to get around it saying they keep some info for taxes, accounting, etc.

      I wouldn’t sleep well knowing my passwords were on there at any given time.

      • learningduck@programming.dev
        link
        fedilink
        English
        arrow-up
        27
        arrow-down
        4
        ·
        1 year ago

        You can host a bitwarden vault yourself. They open sourced and audited. So, trustworthy that there’s no back door somewhere to some degree.

      • SatyrSack@lemmy.one
        link
        fedilink
        English
        arrow-up
        8
        ·
        1 year ago

        So just change whatever passwords you had saved to LastPass. That would mitigate any issues, right?

        • CoderKat@lemm.ee
          link
          fedilink
          English
          arrow-up
          3
          ·
          edit-2
          1 year ago

          Pretty much. Though also any security questions or other private info you have saved, some of which is much more annoying to protect.

          Though one annoying thing is that even if you change everything, what they find might help them social engineer an attack.

          I second Bitwarden, BTW. Best password manager I’ve used.

        • meseek #2982@lemmy.ca
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Just. It’s not an insurmountable problem, but I wouldn’t be happy changing the login details, one by one, on the some 80 websites I have in my vault.

          Not to mention if you’re using an email anonymizer, you’ll have to regenerate new emails for them all too. I guess you could do it on demand, but knowing my batch of emails in floating around the dark web doesn’t sit well with me. Worse yet if it’s your actual email, then they have that now.

      • qaz@lemmy.world
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        It’s e2e and the code to do so is opensource, and you can always host Vaultwarden yourself.

    • sealhaslupus@lemmy.world
      link
      fedilink
      English
      arrow-up
      11
      ·
      1 year ago

      same here. nuked my lastpass account and switched everything over to bitwarden. their paid offering was worse from the competition and now i’m very glad i moved from them