cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

For more information about the LastPass security incident please visit our blog

xLNG1EhBjePU0L8
Active Contributor

EVERYTHING DATA OF ALL OF US WAS STOLEN! BE AWARE!

A short recap for newcomers looking for "support". They have stolen all our Lastpass content in 2022, the truth has been known now in March 2023.

Our email, phone, address, URLS (not encrypted!) and other private data are in the hands of third parties. This company that boasts zero knowledge has ripped us off. This is a scandal. GET OUT AS SOON AS POSSIBLE, change all your passwords. Join the class action lawsuit. SHAME!

6 REPLIES 6
xLNG1EhBjePU0L8
Active Contributor

Re: EVERYTHING DATA OF ALL OF US WAS STOLEN! BE AWARE!

xLNG1EhBjePU0L8
Active Contributor

Re: EVERYTHING DATA OF ALL OF US WAS STOLEN! BE AWARE!

Go!!
xLNG1EhBjePU0L8
Active Contributor

Re: EVERYTHING DATA OF ALL OF US WAS STOLEN! BE AWARE!

Switch 1password or Bitwarden. LP is dead!
J-and-N-Larson
New Contributor

Re: EVERYTHING DATA OF ALL OF US WAS STOLEN! BE AWARE!

First, the breach happened in August 2022.

 

Second, treat any password management app and site as if it were a financial institution.  Use only very strong passwords for those apps and sites, such as from RandomPasswordGenerator, and change them every 3-6 months.

 

For example, we check all the boxes on RandomPasswordGenerator and include numbers, upper- and lowercase letters, and special symbols (as permitted by the sites we use).  We usually have 16-character passwords.

 

If one does that, it makes it very difficult for anyone to gain access to one's information.

xLNG1EhBjePU0L8
Active Contributor

Re: EVERYTHING DATA OF ALL OF US WAS STOLEN! BE AWARE!

All of our data was stolen. Many data of us was not ENCRYPTED!!
Raiver
Active Contributor

Re: EVERYTHING DATA OF ALL OF US WAS STOLEN! BE AWARE!

@J-and-N-Larson I think you missed the point that LastPass does not encrypt our URL data and other types of metadata. It doesn't matter how good our master password was: criminals now have access to ALL our URLs that were stored in plain text. They know every web site that we stored in LastPass and even the web sites that we told LastPass to ignore. And not only the web sites, but the URL parameters that are after the URL. For weak websites there can even be a password in there or a password reset link.