this post was submitted on 07 Sep 2023
74 points (100.0% liked)
Cybersecurity News
1331 readers
5 users here now
Welcome to Cybersecurity News!
A community that collect news and other tidbits related to cybersecurity in all its domains.
There are no hard and fast rules regarding what to post here-- we are fine with both pop news articles and more technical pieces regarding cybersecurity.
We use a bot called flynnbot to repost some rss feed content but the majority of posts are human-curated.
New to Cybersecurity?
Here are some resources to get you started:
Related Communities
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
How does this happen? Isn't the database encrypted? Did they use a weak masterpassword?
lastpass has shitty security and they're constantly getting hacked.
It is encrypted, but LastPass allowed weak passwords until 2018, and also allowed low iterations on their vaults. On top of that, because the hackers have access to the entire vault, they can do local brute force attacks, bypassing any rate limiting LastPass had in place to prevent it. They're using massive mining rigs (or servers with a lot of GPU power) to run brute force attacks with thousands of guesses per second.