This is bad... Not end-of-the-world bad, but still bad. The attacker still needs to figure out individual master passwords to get your encrypted site passwords, but they have everything else.
Now to convince my wife to change /everything/ to 1Password.
@0x56 how fucking stupid!
"One LastPass dev had access to this internal dev vault and was allowed to install Plex, which had a major security vulnerability. The hackers installed a keylogger onto that developer's PC and extracted that dev's Master Password and MFA code to the LastPass internal vault. Thus, the LastPass internal vault was immediately decrypted. Because they stole that dev's Master Password + MFA."
@0x56 🤔
"It's not clear if the Plex breach has any connection to the LastPass intrusions. Representatives of LastPass and Plex didn’t respond to emails seeking comment for this story."
This means it's far worse than we know at this point because they don't know either, I suspect.