The [REDACTED] Hacker

The Rise and Fall of LastPass

☠️ LastPass was hacked (again).  The fallout of this breach is far worse than cybersecurity experts want to admit and requires immediate action on the part of users (and others!) 👇🏻👇🏻  See Instructions Below!  👇🏻👇🏻 🕵️ In Episode #000 of The [REDACTED] Hacker, Brenton House walks you through this latest cybersecurity incident from LastPass.  Discover what exactly happened here and what you need to do TODAY! ▬▬▬▬▬ 🟠 LastPass Cybersecurity Timeline 🟠 ▬▬▬▬▬ 💥  On August 25, 2022, LastPass revealed that an unauthorized party gained access to parts of the developer environment at LastPass through an individual compromised developer account.  According to LastPass, the unauthorized party took some source code and proprietary technical information. 💥  On September 15, 2022, They disclosed that the unauthorized party was in the developer environment for four days.  At the time, LastPass claimed the incident did not involve any access to customer data or encrypted password vaults. 💥  On November 30, 2022, LastPass revealed that "unusual activity" within a third-party cloud storage service was detected.  Previously gained knowledge facilitated this incident.  The unauthorized party gained access to certain elements of customer information on storage service used by both LastPass and GoTo. 💥  On December 22, 2022, LastPass disclosed that the threat actor obtained customer account information such as names, billing addresses, email addresses, telephone numbers, and their encrypted vaults.  LastPass claimed the encrypted data is strongly encrypted and requires that a customer’s master password be decrypted first. 💥  Along with the password vaults, some unencrypted data was also stolen and included some of the customer password vault data including: 👀 Company names 👀 End user names 👀 Billing addresses 👀 Email addresses 👀 Telephone numbers 👀 IP addresses that customers used to access LastPass 👀 Website addresses of EVERY password account stored in customer vault. 💥  Other security items that have been revealed: 👉🏼 Many users are reporting that their password iterations settings were never updated to the default 100,100 iterations. (which by the way is far lower than the default should have been set to by LastPass). In fact, the encryption iteration count for some users was set to very low numbers.  Some people are reporting that their iteration count was set to 1.  That's right 1.  Incredibly, that was actually the default setting for years at LastPass. 👉🏼  New password requirements implemented by LastPass back in 2018 were apparently never retroactively applied to older accounts, thus leaving many accounts potentially vulnerable. ▬▬▬▬▬ 💀 Hacker Resources 💀 ▬▬▬▬▬ 💀  Download Encrypted Lastpass Vault  👉🏼 https://api2.day/lastpass-download 💀  ChatGPT Generated LastPass Decoder 👉🏼 https://api2.day/lastpass-decoder ▬▬▬▬▬ 🔵 BONUS LINKS 🔵 ▬▬▬▬▬ ⚡ https://api2.day/lastpass-bitwarden ⚡ https://api2.day/lastpass-flaw ⚡ https://api2.day/lastpass-hackernoon ⚡ https://api2.day/lastpass-hackernews ⚡ https://api2.day/lastpass-disclosure ⚡ https://api2.day/lastpass-encrypt ⚡ https://api2.day/lastpass-explained ▬▬▬▬▬ 👀 LET'S CONNECT 👀 ▬▬▬▬▬ ⭐   LinkedIn 👉🏼 https://api2.day/linkedin ⭐   Twitter 👉🏼 https://api2.day/twitter ⭐   YouTube 👉🏼 https://api2.day/youtube ⭐   Medium 👉🏼 https://api2.day/medium ⭐   Dev.to 👉🏼 https://api2.day/devto ⭐   Software AG 👉🏼 https://api2.day/sag-brenton