Larion Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.

  • ram@bookwormstory.social
    link
    fedilink
    English
    arrow-up
    4
    ·
    1 year ago

    Just this month a link was made between $35 million in crypto being stolen and the 150 victims being LastPass users.

    In 2022 Lastpass was compromised through a developer's laptop and had customer data like emails, names, addresses, partial credit cards, website urls, and most importantly vaults stolen last year, and given they're closed source, have no independent audits, and don't release white papers, we have no idea how good their encryption schemes actually are nor if they have any obvious vulnerabilities.

    In 2021, users were warned their master passwords were compromised.

    In 2020 they had an issue with the browser extension not using the Windows Data Protection API and just saving the master password to a local file.

    What will 2024 bring for LastPass? They were hacked, and there's no reason to think they won't see more breaches of confidential customer information and even passwords in the future. This is a repeated pattern, and I'd better trust a post-it-note on my monitor for security than LastPass at this point.