So a question like, “What happens if 1Password gets hacked?” is completely reasonable. You trust us with some of your most valuable data: confidential logins, bank information, secure notes, and more.

You don’t need to share secrets to confirm your identity

Contents
End-to-end encryption keeps your information safe

But even if it was, we’ve designed our systems to make sure your passwords and information would still be safe. I'll also be enquiring about getting a refund for my LastPass subscription given what has happened. We’ve been protecting our customers' data for over fifteen years, and in all that time 1Password has never been hacked. Now that I've switched over I just need to go through the painful process of updating passwords - at least I'll be able to get rid of any accounts that I no longer need/use. Personally, based on the way that this seems to be being handled by LastPass - they seem to be trying to just ignore it in the hopes it goes away and brush off/ignore any enquiries about it (per my experience when I contacted them and realised afterwards that they'd not really answered my questions and the fact that they are ignoring posts like this on the community - I know they do answer other posts on here from looking around the community) - I have now switched to 1Password and will be deleting my LastPass account once I'm sure everything's working ok.

From what I've read both 1Password and Bitwarden are much more secure than LastPass and I've already found that when I posted on the 1Password community asking what they'd do if something similar happened that someone who works for them actually responded. However, I disagree that it will be 100% safe so even if you have a strong password on the account it's a good idea to change it and all of your other passwords :(.
I guess it's probably safest to assume the worst case scenario and that the hackers have had the backups since August.

Assuming LastPass are telling the truth about how strong the encryption on these backups is I suspect that they will be correct when they say the data is safe. It doesn't actually specify if the stolen credentials were used to access the backups back in August (in which case why has it taken so long to notify users?) or if the stolen details were used more recently to steal the backups (in which case why did they not update the stolen credentials after the original breach?). " While no customer data was accessed during the August 2022 incident, some source code and technical information were stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service. They are the only ones who have security baked in so that you're super-safe EVEN IF you have a weak password and EVEN IF they get hacked and your vault is stolen.

Another thing that's not entirely clear from the blog post is when the vault backups were stolen: Personally, I think 1password is the best alternative. 25m+ "vaults" have been taken so you'd be pretty unlucky if the hackers started trying to hack yours first! do it progressively over the coming weeks. You can probably take your time over this, i.e. I think it's prudent to do that anyway, starting with your email account(s) - since they are the most damaging to be hacked - and then your financial accounts then any shopping sites, especially with credit card data stored and finally everything else. However, if you do not, you should change all of your passwords. if you do have a strong master password, you probably don't have much to worry about. A shocking revelation!

And in terms of LP telling people what they should do?
Well they have given advice and whereas they perhaps exaggerate how safe your data is if you have a strong master password, the advice is probably still valid. Seems like it's not a vault at all, just a collection of fields, some encrypted and others not. Seems like LP have been "economical with the truth" about this being a zero-knowledge encrypted vault. The offline vault backups are only protected by your master password.
5. 2FA only protects login access to your online vault. As far as I know LP have not contacted anyone directly about this.
4. Yes, backups of ALL users were taken - free, premium, business, teams. were they snapshots of that day or backups with multiple copies going back days/weeks/months?
2. LastPass have not confirmed what exactly those backups comprised, i.e. As far as I know, only 1 breach where customer data was taken and that was copies of backups as of September 22nd.