Info Second LastPass data breach in 2022 (security incident)

Currently reading
Info Second LastPass data breach in 2022 (security incident)

SynoMan

SynoMan

Administrator
Moderator
Founder
1,171
678
www.synoforum.com
NAS
DS720+, DS418play
Router
  1. RT2600ac
  2. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Another security incident occurred at LastPass. The first happened in August and the second three months later.

We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.
Click to expand...

Read more in a blog post from Karim Toubba, LastPass CEO.

blog.lastpass.com

Notice of Recent Security Incident - The LastPass Blog

We are working diligently to understand the scope of the incident and identify what specific information has been accessed.
blog.lastpass.com blog.lastpass.com



Don't forget, you can self-host Bitwarden in Docker on your NAS:
www.synoforum.com

Docker - BitWarden - self hosted password manager using vaultwarden/server image

UPDATE (30/04/2021) Changed the article to reflect on using the new vaultwarden/server image UPDATE (03/12/2019): Added SMTP parameters UPDATE (10/08/2019): Added steps for activating LiveSync item feature UPDATE (28/05/2019): Edited name...
www.synoforum.com www.synoforum.com
 
ed.j

ed.j

Subscriber
200
57
NAS
DS920+, DS416slim
Operating system
  1. Windows
Mobile operating system
  1. Android
I would suspect that Lastpass have better security measures, and redundancy in place, than your average Syno user.......
 
S

Schewa

Subscriber
11
3
NAS
920+
RogerA said:
Can BitWarden be used/accessed outside my LAN through QuickConnect?
Click to expand...
Maybe it might be an option to use wireguard?
Not sure, just want to trigger a conversation and maybe show another option, since I am still learning on that matter.

Best Regards,
Schewa
 
Rusty

Rusty

Moderator
NAS Support
6,366
1,889
www.blackvoid.club
NAS
DS718+, DS918+, 2x RS3614RPxs+
Router
  1. RT1900ac
  2. RT2600ac
  3. MR2200ac
Operating system
  1. macOS
Mobile operating system
  1. iOS
Schewa said:
Maybe it might be an option to use wireguard?
Not sure, just want to trigger a conversation and maybe show another option, since I am still learning on that matter.

Best Regards,
Schewa
Click to expand...
you can but the BW address still need to be covered with https protocol and a valid tls cert
 
L

leriak

55
21
Last edited:
A couple of thoughts in case someone may relate

From the blog post:
The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data
Click to expand...
I had a LastPass account until 2 years ago when I bought the synology nas and spun up a vaultwarden instance.

At that time I exported my passwords, deleted them from the LastPass vault and then deleted the LastPass account.

But they (baddies) managed to obtain encrypted vaults from a BACKUP... was my data there?

I don't know, and no longer having an account I doubt LastPass would notify me... If they did it would mean they clearly did not delete the account (or at least part of it). At this point I don't think I trust anything they say or don't say...

So, since I keep a copy of the export of the vault at the time, I will have to review and change all those passwords I deem important.

My second thought is about a post I initiated some time ago here:
www.synoforum.com

TOTP keys in Bitwarden

I've been using bitwarden for a while now (maybe a year?) and I just recently realized that it can store TOTP keys for 2 factor authentication. Just curious, does anyone use this functionality? IMO it doesn't seem very good practice to put passwords and the means to obtain 2FA codes on the...
www.synoforum.com www.synoforum.com

I don't know if LastPass offers to store TOTP secrets like Bitwarden, but if they do and someone happens to have them stored there, then 2FA will be of no use if they crack the stolen vault...
 
R

RonV42

98
45
NAS
DS1019+
Operating system
  1. Linux
  2. Windows
Mobile operating system
  1. Android
I am so glad I moved away from LastPass two years ago after they stated that they had a breech. I originally went with Bitwarden in the cloud then moved to a local instance.
 

Create an account or login to comment

You must be a member in order to leave a comment

Create account

Create an account on our community. It's easy!

Register

Log in

Already have an account? Log in here.

Similar threads

BobW
Found a good alternative to Matrix Synapse. Dendrite is a second-generation Matrix homeserver written in Go.
Hi, If there are people out there looking for an alternative to Matrix Synapse! I came across this...
Replies
0
Views
1,400
BobW
BobW
Telos
Death Knell for LastPass? Hackers stole customers’ password vaults
Read on... Odd though that TechCrunch says... But with the vault in hand, 2FA is meaningless.
Replies
0
Views
398
Telos
Telos
EAZ1964
always happy when reliability data is shared, for what it is worth
back to the topic just curious what was the real reason for the big difference for Intel Core 11h Gen...
Replies
8
Views
1,230
jeyare
jeyare
jeyare
QNAP will send data about NAS disks to 3rd party
OFC, account.synology.com is web portal target also, it is the daily target of outbound traffic from...
Replies
10
Views
1,113
jeyare
jeyare
jeyare
Last NAS consumption data & enviro impact (SOHO & SMB)
SOSHO & SMB vendors: ASUSTOR, AC&NC, Buffalo, D-link, Drobo, HP, LaCie, Netgear, QNAP Systems, Synology...
Replies
0
Views
594
jeyare
jeyare
jeyare
Data breach from T-mobile? It will be worse.
We’ll call it “Jeyare principle”. Has a nice ring to it too. Go for it, I’ll support you ✌️
Replies
9
Views
1,053
WST16
WST16
jann
😂 There should be a badge awarded for FINALLY completing builds/rebuilds & data scrubs!
...when you have that many servers, sometimes you improvise! 😉
Replies
6
Views
990
jann
jann

Welcome to SynoForum.com!

SynoForum.com is an unofficial Synology forum for NAS owners and enthusiasts.

Registration is free, easy and fast!

Register

Trending threads

Top