LowEndBox - Cheap VPS, Hosting and Dedicated Server Deals

LastPass Releases Its Security Incident for 2022

LastPassSometimes you see stuff in the media and wonder if it’s really news.  Some celebrity broke up with some other celebrity.  Some tech company released version X.Y which is .0001% better.  LastPass was hacked again.  Some athlete said the wrong thing.  There’s a new kpop band.

You see these pieces and wonder why anyone bothered reporting them.  Take a random example: LastPass was hacked.  Um…so what?  Isn’t this just continually happening?  What a waste of electrons to write a story about it.

I’m being sarcastic.  But not really.

LastPass was hacked in 2011, 2015, 2016, 2017, 2019, 2021, and now in 2022.  I believe they’re trying to be more consistent.

This year’s annual hack was rather mild:

Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.  

We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally. 

You think maybe that developer had a poor password or was recycling passwords…

You know what’s amazing?  There isn’t even a security incident section on Wikipedia for some competing products (e.g., 1Password).

If you use LastPass, switch.

4 Comments

  1. Paul:

    LastPass hit piece?

    August 26, 2022 @ 1:17 pm | Reply
    • HCS:

      lastpass is open about it’s incidents. The other password managers? no they don’t..they have to be shamed otherwise they deny deny deny..if you are using something other than lastpass or bitwarden..switch.

      August 26, 2022 @ 11:13 pm | Reply
    • Hi Paul, what would make it a hit piece?

      August 27, 2022 @ 10:28 pm | Reply
  2. hcs:

    https://www.youtube.com/watch?v=8vIq2Gc6SSE

    lastpass does not keep your master password so even if lastpass got owned(which they didn’t0 the chances of getting into your encrpyted vault is neglible.

    August 26, 2022 @ 11:30 pm | Reply

Leave a Reply

Some notes on commenting on LowEndBox:

  • Do not use LowEndBox for support issues. Go to your hosting provider and issue a ticket there. Coming here saying "my VPS is down, what do I do?!" will only have your comments removed.
  • Akismet is used for spam detection. Some comments may be held temporarily for manual approval.
  • Use <pre>...</pre> to quote the output from your terminal/console, or consider using a pastebin service.

Your email address will not be published.