LastPass security breach linked to $35 million stolen in crypto heists
www.theverge.com
Researchers found that almost every victim was a LastPass user.

More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

    • Anonymousllama@lemmy.worldEnglish
      7·
      1 year ago

      I’d be worried about losing access to the entirety of your passwords if Google up and decides that one day your account is suspended. There’s been a few reports historically where someone gets their Gmail account suspended for some mistaken reason and all their associated access gets pulled (e.g. from drive, sheets, etc)

        • jarfil@lemmy.worldEnglish
          1·
          1 year ago

          My Google account has been rock solid from the day I created it as a child

          Hopefully you were of legal age to accept the Terms of Service, otherwise it might’ve been an irregular account all this time.

            • jarfil@lemmy.worldEnglish
              1·
              1 year ago

              If it was, and you haven’t accepted the ToS as of legal age, then you might want to make a new one.

              Google is getting ready to purge inactive accounts starting next year, and it wouldn’t be the first time when a service purged irregular accounts many years after the fact, so… better safe than sorry.

    • Rai@lemmy.dbzer0.comEnglish
      3·
      1 year ago

      As a non-Google user, Lemmy is only “Chrome bad”. They’re “Android is the only way”

    • sab@lemmy.worldEnglish
      21·
      1 year ago

      …so far.

      For those that don’t mind self-hosting, which can be as easy as just running syncthing or resilio sync on your NAS, I can really recommend keepass.

      • NevermindNoMind@lemmy.worldEnglish
        8·
        1 year ago

        Me with interest, but no technical knowledge reading your comment:

        which can be as easy as

        :-)

        running syncthing or resilio sync on your NAS

        :-(

        I didn’t understand any of those words

        • sab@lemmy.worldEnglish
          2·
          1 year ago

          A NAS is a home storage server, like Synology that you can use to store images, videos and backups, etc on so you can access them from any computer or device in your home. With a couple of clicks, they can easily run applications like Syncthing or Resilio Sync, which are kinda like Dropbox, except you don’t have to pay Dropbox, you’ll just be storing the files on your own service.

          If that’s too much to handle, you can still just store your Keepass file in Dropbox, so that it’s available on all your devices. But in the end you’ll still be storing your personal data on someone else’s harddisk.

          So in short, is at easy as using a prefab service? No, you’ll have to invest some time, money, and knowledge yourself. But in the end, your data is not gathered in silo together with countless other users, which makes it a lot less attractive for hackers to try and steal it.

        • Jerkface@lemmy.worldEnglish
          2·
          1 year ago

          edit - nevermind I can’t even format a comment, let alone self host a… Thingie. What the other guy said.

        • diffusive@lemmy.worldEnglish
          5·
          1 year ago

          Self hosting is less appealing for criminals, though. Especially if the protocol is “vanilla” like ssh.

          When you hack LastPass you know what you’ll find, millions of passwords. When you hack a dude ssh you have one chance over one million that there is one dude password wallet.

          It doesn’t make financial sense to hack self hosting (unless it’s specific server software)