Info Second LastPass data breach in 2022 (security incident)


SynoMan

Another security incident occurred at LastPass. The first happened in August and the second three months later.

We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information.

Read more in a blog post from Karim Toubba, LastPass CEO.




Don't forget, you can self-host Bitwarden in Docker on your NAS:
 
Can Bitwarden be used/accessed outside my LAN through QuickConnect?
Maybe it might be an option to use WireGuard?
Not sure, just want to trigger a conversation and maybe show another option, since I am still learning on that matter.

Best Regards,
Schewa
 
You can, but the BW address still needs to be covered with the HTTPS protocol and a valid TLS cert.
 
A couple of thoughts in case someone may relate

From the blog post:
The threat actor was also able to copy a backup of customer vault data from the encrypted storage container which is stored in a proprietary binary format that contains both unencrypted data
I had a LastPass account until 2 years ago when I bought the synology nas and spun up a vaultwarden instance.

At that time I exported my passwords, deleted them from the LastPass vault and then deleted the LastPass account.

But they (baddies) managed to obtain encrypted vaults from a BACKUP... was my data there?

I don't know, and no longer having an account I doubt LastPass would notify me... If they did it would mean they clearly did not delete the account (or at least part of it). At this point I don't think I trust anything they say or don't say...

So, since I keep a copy of the export of the vault at the time, I will have to review and change all those passwords I deem important.

My second thought is about a post I initiated some time ago here:

I don't know if LastPass offers to store TOTP secrets like Bitwarden, but if they do and someone happens to have them stored there, then 2FA will be of no use if they crack the stolen vault...
 
I am so glad I moved away from LastPass two years ago after they stated that they had a breach. I originally went with Bitwarden in the cloud then moved to a local instance.
 
 
