Since May 2023, users of the LastPass password manager have been experiencing severe login issues after resetting their MFA. It all started when people were asked to reset multi-factor authentication (MFA) applications. The fact is that users are required to re-login to their LastPass account and reset the MFA after the company was hacked at… Continue reading LastPass Users Can’t Login to App after Resetting MFA
Tag: LastPass
LastPass Breach Investigation Goes On, Things are Even Worse
LastPass, owned by GoTo (formerly LogMeIn) and with over 30 million users, revealed new details about the cyber incidents that have shaken the company since August 2022, when fragments of source code were reported stolen. In January 2023, the company admitted that the breach was more extensive, involving leaks of accounts, passwords, MFA settings, and… Continue reading LastPass Breach Investigation Goes On, Things are Even Worse
Vulnerability in KeePass Allows Stealing All User Passwords in Plain Text
The developers of the open-source password manager KeePass explain that a vulnerability that allows an attacker to steal all user passwords is not so dangerous. The fact is that the developers consider that if an attacker controls your system, then this is no longer your system. By the way, read: Is It Safe to Use… Continue reading Vulnerability in KeePass Allows Stealing All User Passwords in Plain Text
Hackers Stole Data from the LastPass Use Password Vault
LastPass password manager developers have reported that hackers who recently broke into the company’s cloud storage have accessed it and stolen customer data, including password vaults that could now theoretically be hacked. Let me remind you that the compromise of the company’s cloud storage became known earlier this month. It is noteworthy that for this… Continue reading Hackers Stole Data from the LastPass Use Password Vault
In LastPass for Android found seven built-in trackers
German cybersecurity expert Mike Kuketz noticed that the LastPass Android app has seven trackers that monitor users. The researcher builds his findings on the report of the non-profit organization Exodus, which is described as an initiative “led by hacktivists, the goal of which is to help people understand the problems of tracking in Android applications.”… Continue reading In LastPass for Android found seven built-in trackers
HIBP (Have I Been Pwned?) leak aggregator opens the source code
Founder of Have I Been Pwned? (HIBP) Troy Hunt announced that after a series of unsuccessful attempts to sell the project, about which he talked this spring, he decided to open the source code. Let I remind you that HIBP, founded in 2013, is a service for verifying credentials for compromise. Collecting information about various… Continue reading HIBP (Have I Been Pwned?) leak aggregator opens the source code
Experts have discovered vulnerabilities in popular password managers
Experts from York University explained how they managed to detect vulnerabilities in popular password managers. Bugs allowed malware stealing user credentials. It turned out that back in 2017, researchers analyzed five popular password managers: LastPass, Dashlane, Keeper, 1Password and RoboForm. The analysis helped identify four previously unknown vulnerabilities, including one that led to the disclosure… Continue reading Experts have discovered vulnerabilities in popular password managers