I don't buy LastPass' statement that this breach of master passwords was due to credential stuffing. If that were the case, then LastPass users who feel victim would have been using their master passwords for something else. The victims who posted in the HN thread specifically said they did not do that.
#cososec
LastPass Says It Didn’t Leak Your Master Password
https://www.howtogeek.com/776450/lastpass-says-it-didnt-leak-your-master-password/
It's not even possible for LastPass to leak the master passwords, they don't store them.
@mcfate
Agreed, but their explanation doesn't make sense to me either.
It doesn't make sense to you if you take a bunch of randos on Hacker News at their word.
I don't.
If LastPass never had possession of the passwords — and they didn't — how could they have "leaked" them? And why has this only hit a handful of LastPass users?
I'm guessing these people were either sloppy, chose crappy passwords, or both.
They should set up 2FA on their LastPass account.
@mcfate
You did read that I said I agreed that LastPass didn't leak anything, yes?
I did, yet you insist that you "don't buy their explanation" about the purported "leakage" of passwords you agree they never possessed.
I get that you have an animus towards an assortment of organizations, but you have a tendency to let it affect your thinking.
This is, I believe, one of those moments. I mean, feel free to explain to me why you place greater weight on the testimony of some random posters on HN over LastPass, but I don't see it having a real foundation.
@voltronic
Okey-dokey. Still no explanation of what you "don't buy", or why, which is all I was actually wondering about, but whatever. Shika ga nai yo.
Me, I "don't buy" the HN posting, because HN is about as full of nonsense as Slashdot is.
¯\_(ツ)_/¯