undefined | Better HN

0 pointsforensic14y ago0 comments

FFS! It wasn't compromised, not remotely. The incident last year is what convinced me I could trust last pass.

0 comments

There was also the XSS flaw in Feb last year that allowed an attacker to retrieve your email address, your password reminder, the list of sites you log into and the history of your logins, including which sites you logged into, the time and dates you logged into them, and the IP addresses you logged in from.

https://grepular.com/LastPass_Vulnerability_Exposes_Account_...

Their reaction to this flaw was exemplary though, and LastPass is a lot more secure now because of it.

rationalbeats14y ago

Well they said that their database was compromised and they were not sure what was accessed.

So I stopped using them after that incident.

It was a while ago I don't remember the particulars, but I do remember they said they were not sure if someone stole everyones password so everyone should change their master password to be safe. So I deleted my account to be safer.

Confusion14y ago

  Well they said that their database was compromised

No they didn't.

  I don't remember the particulars

Then why do you make such explicit claims about what happened? They spotted a traffic anomaly on their network and went into complete paranoid mode. It is completely unknown, even to them, whether someone unauthorized accessed their database or whether they just couldn't account for some traffic on their internal network.

I don't know anyone else that monitors the traffic on their network to detect unauthorized access and I know many companies that don't. That's already a huge plus and it makes me trust them with security in general all the more.

newman31414y ago

For that reason, I find the 1Password model more suited to my tastes. Using Dropbox to sync, it works just as nicely and I'm not beholden to a third party central database (LastPass).

lelele14y ago

So what? As long as your master password was strong, your data was safe.

j / k navigate · click thread line to collapse