Info Second LastPass data breach in 2022 (security incident)


SynoMan

Another security incident occurred at LastPass. The first happened in August and the second three months later.

> We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.

Read more in a blog post from Karim Toubba, LastPass CEO.




Don't forget, you can self-host Bitwarden in Docker on your NAS:
 

ed.j

I would suspect that LastPass have better security measures, and redundancy in place, than your average Syno user...
 

Schewa

Can Bitwarden be used/accessed outside my LAN through QuickConnect?
Maybe it might be an option to use WireGuard?
Not sure, just want to trigger a conversation and maybe show another option, since I am still learning on that matter.

Best Regards,
Schewa
 

Rusty

> Maybe it might be an option to use WireGuard?
> Not sure, just want to trigger a conversation and maybe show another option, since I am still learning on that matter.
>
> Best Regards,
> Schewa
You can, but the BW address still needs to be covered with the HTTPS protocol and a valid TLS cert.
 
A couple of thoughts in case someone may relate

From the blog post:
> The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data
I had a LastPass account until 2 years ago when I bought the Synology NAS and spun up a Vaultwarden instance.

At that time I exported my passwords, deleted them from the LastPass vault and then deleted the LastPass account.

But they (baddies) managed to obtain encrypted vaults from a BACKUP... was my data there?

I don't know, and no longer having an account I doubt LastPass would notify me... If they did it would mean they clearly did not delete the account (or at least part of it). At this point I don't think I trust anything they say or don't say...

So, since I keep a copy of the export of the vault at the time, I will have to review and change all those passwords I deem important.

My second thought is about a post I initiated some time ago here:

I don't know if LastPass offers to store TOTP secrets like Bitwarden, but if they do and someone happens to have them stored there, then 2FA will be of no use if they crack the stolen vault...
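
As an added example (not part of the thread and not any poster's code), here is one way to triage a kept vault export like the one described above, so that entries with a stored TOTP seed, reused passwords or an "important" folder are handled first. It assumes a CSV export with the columns `url,username,password,totp,extra,name,grouping,fav`; the sample rows, the `triage` function and the scoring weights are constructed for illustration.

```python
import csv
import hashlib
import io
from collections import Counter

# Constructed sample; the column names are assumed, so match them to your export's header.
SAMPLE_EXPORT = '''url,username,password,totp,extra,name,grouping,fav
https://mail.example.com/login,alice,Tr0ub4dor&3,JBSWY3DPEHPK3PXP,,Mail,Email,1
https://bank.example.net,alice,correct-horse,,,Bank,Finance,0
https://forum.example.org,alice,Tr0ub4dor&3,,,Forum,Social,0
http://sn,,,,router admin PIN 4821,Home note,Secure Notes,0
'''


def _digest(secret):
    # Compare passwords by hash so the report never echoes a secret.
    return hashlib.sha256(secret.encode("utf-8")).hexdigest()


def triage(export_text, important_groups=("Email", "Finance")):
    """Return (name, score, reasons) tuples, most urgent first."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    reuse = Counter(_digest(r["password"]) for r in rows if r.get("password"))
    report = []
    for r in rows:
        score, reasons = 0, []
        if r.get("password"):
            score += 1
            reasons.append("rotate password")
            if reuse[_digest(r["password"])] > 1:
                score += 1
                reasons.append("password reused on another entry")
        if r.get("totp"):
            score += 2
            reasons.append("TOTP seed was in the vault: re-enrol 2FA")
        if r.get("extra"):
            score += 1
            reasons.append("note text was in the vault: review it")
        if r.get("grouping") in important_groups:
            score += 1
            reasons.append("marked important")
        if reasons:
            report.append((r["name"], score, reasons))
    return sorted(report, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for name, score, reasons in triage(SAMPLE_EXPORT):
        print(f"{score}  {name}: {'; '.join(reasons)}")
```

Run it against the export file's text on an offline machine and delete the export once the rotation is finished.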
 
I am so glad I moved away from LastPass two years ago after they stated that they had a breach. I originally went with Bitwarden in the cloud then moved to a local instance.
 
