Remember that attack on accounts which LastPass claimed to be a glitch in their notification system? A commenter on my blog claims to have been hacked there. Attackers logged into LastPass and got everything to transfer out cryptocurrency funds.

· · Web · 1 · 1 · 2

Could still be a coincidence, or credential stuffing, or something else. But the point is: just because LastPass claims that they haven’t been compromised, you don’t have to believe them. And: no, their location-based checks won’t stop all attacks, don’t rely on that.

Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.