all InfoSec news
LastPass breach update: The few additional bits of information
Almost Secure palant.info
Half a year after the LastPass breach started in August 2022, information on it remains sparse. It took until December 2022 for LastPass to admit losing their users’ partially encrypted vault data. This statement was highly misleading, e.g. making wrong claims about the protection level provided by the encryption. Some of the failures to protect users only became apparent after some time, such as many accounts configured with a dangerously low password iterations setting, the company hasn’t admitted …
accounts august bits breach claims data december encrypted encryption information lastpass lastpass breach low making protect protection statement update vault