TL;DR: LastPass is broken. All passwords at the time of the breach were taken. They also got internal secrets from a laptop and can now probably throw computational power at anything they want to decrypt.

Switch. Do not use. Change everything you have if you were using it. Treat everything as breached.

  • BynarsAreOk [none/use name] · 2 years ago

    If it makes you feel better then you should probably switch, but after reading the bulletin the key points are: Some encrypted passwords were taken. However, they can only be decrypted by using the master password, which they don't have access to and never have.

    In other words, as long as you have a strong master password the chances of you actually being hacked are next to zero. That said, some people are careless and they have bad passwords. That sucks for everyone but realistically that person also likely had the worst possible passwords before password managers gave them access to easy random passwords, so I'm not sure of the net loss/win here in the long term.

    Personally I've always used managers and I'll continue until something actually meaningful changes.

    My reaction to this last week after reading "experts" talk about this is still the same now.

    I absolutely couldn't give less of a shit about some random fucker on the other side of the planet having access to my """""""""""""metadata"""""""""""", let alone giving two shits about them having access to the sacred metadata from dumb fucks working at [randomasscorporation]. How hackers are planning to use that to target corporations literally doesn't matter to me and shouldn't matter to anyone.

    If corporations care they'll change, if not they'll continue to use managers. Apparently LastPass is huge with businesses, so is this going to make them change? You know the answer already.