Remember that attack on accounts which LastPass claimed to be a glitch in their notification system? A commenter on my blog claims to have been hacked there. Attackers logged into LastPass and got everything to transfer out cryptocurrency funds.


Could still be a coincidence, or credential stuffing, or something else. But the point is: just because LastPass claims that they haven’t been compromised, you don’t have to believe them. And: no, their location-based checks won’t stop all attacks, don’t rely on that.

· · Web · 0 · 1 · 3
Sign in to participate in the conversation
Infosec Exchange

A Mastodon instance for info/cyber security-minded people.