The LastPass Disclosure of Leaked Password Vaults Is Being Torn Apart By Security Experts

Last week, LastPass announced that attackers stole customer vault data after breaching its cloud storage earlier this year using information stolen during an August 2022 incident. "While the company insists that your login information is still secure, some cybersecurity experts are heavily criticizing its post, saying that it could make people feel more secure than they actually are and pointing out that this is just the latest in a series of incidents that make it hard to trust the password manager," reports The Verge. Here's an excerpt from the report: LastPass' December 22nd statement was "full of omissions, half-truths and outright lies," reads a blog post from Wladimir Palant, a security researcher known for helping originally develop AdBlock Pro, among other things. Some of his criticisms deal with how the company has framed the incident and how transparent it's being; he accuses the company of trying to portray the August incident where LastPass says "some source code and technical information were stolen" as a separate breach when he says that in reality the company "failed to contain" the breach. He also highlights LastPass' admission that the leaked data included "the IP addresses from which customers were accessing the LastPass service," saying that could let the threat actor "create a complete movement profile" of customers if LastPass was logging every IP address you used with its service.

Another security researcher, Jeremi Gosney, wrote a long post on Mastodon explaining his recommendation to move to another password manager. "LastPass's claim of 'zero knowledge' is a bald-faced lie," he says, alleging that the company has "about as much knowledge as a password manager can possibly get away with." LastPass claims its "zero knowledge" architecture keeps users safe because the company never has access to your master password, which is the thing that hackers would need to unlock the stolen vaults. While Gosney doesn't dispute that particular point, he does say that the phrase is misleading. "I think most people envision their vault as a sort of encrypted database where the entire file is protected, but no -- with LastPass, your vault is a plaintext file and only a few select fields are encrypted."

Palant also notes that the encryption only does you any good if the hackers can't crack your master password, which is LastPass' main defense in its post: if you use its defaults for password length and strengthening and haven't reused it on another site, "it would take millions of years to guess your master password using generally-available password-cracking technology" wrote Karim Toubba, the company's CEO. "This prepares the ground for blaming the customers," writes Palant, saying that "LastPass should be aware that passwords will be decrypted for at least some of their customers. And they have a convenient explanation already: these customers clearly didn't follow their best practices." However, he also points out that LastPass hasn't necessarily enforced those standards. Despite the fact that it made 12-character passwords the default in 2018, Palant says, "I can log in with my eight-character password without any warnings or prompts to change it."

phestival of pwnage

[Anonymouse Cowtard]

Who will pwn ArsePass next? The FBI? A Senator? A Slashdot editor?

Re:

[6Yankee]

Slashdot editor, twice.

FREE means you are the product

[bubblyceiling]

Always got a bad feeling about LastPass. It was always so much cheaper than 1Password and even had some FREE options. Gotta wonder what they are skimping on and how they make money.

Never understood why people used it either. These are your most important items. Why trust a second rate company with them?

Re:

[EvilSS]

Probably not an accident they stored URLs unencrypted. Selling those tied to the user's email would make them a few bucks.

Re:FREE means you are the product

[Dozy Lizard]

FREE means you are the product

Not necessarily. I use KeepassXC and keep the database on my google drive. KeepassXC is free and opensource and there is an android app and plugins for all the major browsers. I don't know about the apple world. Yes I have looked at the code (at least for the desktop version, admittedly not the phone version) and am pretty sure that it doesn't do anything nefarious.

Re:

[Ostracus]

Indeed if that mantra is true, then what does that make open source users?

Re:

[bill_mcgonigle]

> Indeed if that mantra is true, then what does that make open source users?

Anarchocommunists.

Re:

[kaoshin]

It might not, but cloud storage (including Google) is inherently untrustworthy. A much better plan would be to use a different method to keep the keepass DB synced across devices. Syncthing is good for this.

Re:

[Smidge204]

The difference here is it's not a service. You are basically running the service yourself. FOSS is a slightly different animal since the maintenance cost can be zero (and is usually extremely low even if not zero).

But LastPass is a service. They are providing hardware and bandwidth which carry ongoing expenses. To whit, according to their privacy policy [lastpass.com] they are absolutely using your data to make money through advertising/tailored promotions.
=Smidge=

Re:

[AmiMoJo]

For some reason people don't understand security stuff like this. Even on Slashdot, where you might expect people to know the basics, your read dozens of confused posts about password managers and 2FA.

LastPass's product is convince. People who don't know better have a simple solution that claims to be secure, and to be fair they are probably not in a position to evaluate that claim and the ones made by rivals.

Hopefully this is the end of LastPass, but the real issue is helping people understand this stuff.

Re:FREE means you are the product

[ArchieBunker]

Like the saying goes, the cloud is just another name for someone else's computer.

Re: FREE means you are the product

[dowhileor]

Just like an application. I'm sure this was a front-end breach like a web injection or something. So storing sensitive info on a web application is exactly like putting it on someone else's computer I agree.....

Re:

[Bongo]

Like the saying goes, the cloud is just another name for someone else's computer.

Or even, the cloud is your data in the hands of someone else's incentives.

Re:

[Ostracus]

And the internet is someone else's equipment. Tell us something useful.

Re:

[ArchieBunker]

The point is don't store anything import on equipment out of your control.

Re:

[HP Hovercraft]

"Never understood why people used it either." I used it because it was convenient. Their cross-platform sync was great, as I used it with Win10, Debian, and iOS. Just because you didn't use it, doesn't mean it didn't have utility for others.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[dgatwood]

Never understood why people used it either. These are your most important items. Why trust a second rate company with them?

I understand why people used them back before Chrome and Safari added built-in password managers that sync passwords across devices, but I have no idea why anybody uses any of them now. The most secure solution will almost always be the one that's designed by companies that have spent decades building software and hardware used by billions of users, rather than companies that build a single app used by millions.

I stopped using this garbage service almost 10 yrs

[klipclop]

The whole concept seemed interesting 10 yrs ago, but now there's many offline or personal cloud options where you don't need to use a dumpster fire like Lastpass

Re:

[NFN_NLN]

Example: https://bitwarden.com/blog/hos... [bitwarden.com]

Re:

[phantomfive]

Is there any reason to believe that Bitwarden is more secure than other options?

Re:

[Randseed]

Is there any reason to believe that Bitwarden is more secure than other options?

Aside from the fact that AFAIK it doesn't have a laundry list of breeches, no. On the other hand, apparently you can set up your own server vault somehow. I haven't looked into that yet. One thing about Bitwarden as opposed to Lastpass is it has seemingly bad form support. For example, in Brave on iOS you have to go to a share menu and scroll down, copy usernames and passwords separately, and then paste them into the fields. Lastpass puts up a "passwords" prompt or something and does it more straightforward

Re:

[NFN_NLN]

1. Don't store it on your PC at all. Hackers can penetrate windows.
2. Don't write it down on a physical piece of paper a burglar could find it.
3. Don't memorize it, someone could compel you by torture.
4. Don't use biometrics, someone could chop your finger off.
5. Don't use your phone someone could clone your SIM.

Did I miss any chicken little?

Re:I stopped using this garbage service almost 10

[Ostracus]

Don't store it in your head. Elon Musk could get it. [theguardian.com]

Re:

[volcan0]

1: your bitwarden is not setup properly. logging into a site, even with 2FA, takes 1 click, 1 paste, and another click. thats it.

Their self-hosted stack is the worst abomination of software abuse I have seen ever though. MSSQL: + .NET on linux in docker.

Re:

[bill_mcgonigle]

> Is there any reason to believe that Bitwarden is more secure than other options?

Depends if you think Open Source is a disaster of easy-to-find bugs or a many-eyes-make-light-work triumph.

One thing that's for sure is it's much easier to hide backdoors in secret code.

And BitWarden does not store URL's plaintext like Lastpass, so the metadata problem is much better.

Re:

[phantomfive]

It's not that a group of people in a corporate structure can't write secure code, it's that they choose not to incentivize it, and often punish people who spend extra time making sure their code is secure (ie, "why are you taking so long?").

won't change the users

[bloodhawk]

What I find amusing is you still find masses of Lastpass fan boys calling everyone else morons for warning people away from this shit company and their products. I had arguments on a forum last year to stay the fuck away from it, then again in August and again just yesterday and the same idiots are adamant that Lastpass is the most secure safe way to manage their passwords. I guess at least they are guarenteed there will be thousands of backups of their password stores.

Re:

[Pascoea]

So what's the alternative? Something my mother can figure out without calling me and my brother every time it doesn't work flawlessly? Solutions like Lastpass and their brethren are secure enough and work 99% of the time for the majority of their target audience. And at least I have a tiny shred of confidence that they are above board when breaches occur, so I can go change the 10 "critical" passwords (banking, retirement, e-mail, etc.) in a timely manner and move on with life.

That being said, in a corpora

Re:

[gweihir]

True believers. The very worst version of clueless and arrogant. These people are incapable of even pereciving they could be wrong or having made a mistake. So the defend their flawed choices to the very end. Kind of like COVID-deniers that claimed COVOD does not exist until the very moment it killed them.

This is why 3rd party storage is "Bad"

[grasshoppa]

This situation is a great example of why 3rd party storage of your personal information, encrypted or not, is usually a "bad thing". No one knows just what was compromised, nor will anyone have anyway of knowing if their vault was cracked up and to the point where accounts start getting taken over.

Maintain control of the infrastructure and, ideally, keep it offline.

Re:

[Computershack]

Maintain control of the infrastructure and, ideally, keep it offline.

That's nice dear. What happens when you find you need a password when you're away from home?

Re:

[fluffernutter]

Bring your laptop with the offline key database with you, bring your phone with the offline key database with you, or simply memorize them.

Re:

[jandoe]

Memorizing password is the worst possible advice you can give someone. Storing them offline is close second.

Re:

[Midnight_Falcon]

Memorizing password is the worst possible advice you can give someone. Storing them offline is close second.

100% the above. Anyone who claims having users memorize passwords is effective hasn't worked in security or ever tried cracking a real PW database. All most users do is make simple passwords and increment them (Password1, Password2), or reuse the same ones over an over. They will usually forget complex passwords regularly -- even "smart" people like MIT grads need password resets regularly.

In terms of storing them offline, that might sound nice but it is horribly slow and impractical. Users retyping

Re:

[myowntrueself]

100% the above. Anyone who claims having users memorize passwords is effective hasn't worked in security or ever tried cracking a real PW database. All most users do is make simple passwords and increment them (Password1, Password2), or reuse the same ones over an over. They will usually forget complex passwords regularly -- even "smart" people like MIT grads need password resets regularly.

I agree. But I wonder if we still mean 'password' in this context. Its more like an authentication token. It isn't 'a word that you use to pass security' anymore. It isn't something you have to, or should, remember.
Its something thats generated for you, associated with a particular purpose in an automated storage system, recalled from that storage system for you and pasted into a field. You never get to, nor should have to, see the 'password' at all.

So is it still a password?
And, if it isn't a password any

Re:

[Midnight_Falcon]

It's still a password, unfortunately, because it's simply a text string that grants authentication. Password managers create an abstraction layer on top for the end user, allowing them to use unique passwords to protect them from the common attack vector of password re-use (most problematic when reused passwords are part of plaintext breach). It also makes phishing more difficult and less useful as well, because phishing often relies on reused passwords.

Perhaps there could be a word dubbed for "unique

Re:

[Reziac]

Is there such a thing as a cellphone that's reliably offline??

Re:

[fluffernutter]

If is an app that encrypts all passwords not being accessed and stores it on local storage, it wouldn't be very easy to get anything unless you got infected by spyware and had a keylogger or screen recorded or something.

Re:

[grasshoppa]

Depends on the situation. In my case, if I'm not anywhere I can properly access my server then I live without it.

I don't really need anything with that level of immediacy if I'm away from my normal equipment, and I'd bet that applies to most folks.

Re:

[Known Nutter]

If only there were some easy way I could create a private network -- virtually -- back to my home from my device while I'm on the go.

Re: This is why 3rd party storage is "Bad"

[Anonymouse Cowtard]

I only travel with my phone. So that's a virtual network, privately.

Re:

[Ostracus]

Phones are still the weak link VPN or not. Plus you're putting faith in their being no problems on the other end as well as always on connectivity all along the chain.

Re:

[PsychoSlashDot]

Maintain control of the infrastructure and, ideally, keep it offline.

That's nice dear. What happens when you find you need a password when you're away from home?

VPN in to infrastructure you control.
Keep a cached copy on your mobile device that is refreshed manually occasionally?

There are solutions for this that aren't "trust someone else who is a massive target".

Re:

[idji]

I use Keepass and Dropbox - that means I encrypt it locally and Dropbox is just the transport mechanism for files.

Re:

[DigitalSorceress]

So very very true.

I've been using a password wallet that is stored locally on my server at home (non-accessible from the Interwebz) and on my mobile device - it uses a sync I can kick off to synchronize the files. I know that if someone gets hold of either of those files they're likely not strongly encrypted enough to survive a brute force, but at least someone would need to be targeting me specifically which ... I'm not really worth their time (most likely) if the files aren't picked up in a mass online

Re:

[rsmith-mac]

Out of curiosity, what program/wallet are you using that allows for such easy local syncing between PC and mobile?

Not the first time, not the last

[phantomfive]

It's happened again and again, don't trust these guys:

https://www.zdnet.com/article/... [zdnet.com]
https://www.wired.com/2015/06/... [wired.com]

It's what happens when corporate structure doesn't incentivize secure programming practices. I'll bet they have a bug tracker overflowing with bugs.

Re:

[phantomfive]

Even if you want to write secure code, if your manager gets upset at you for fixing bugs, then it's not going to happen.

Re:

[myowntrueself]

Even if you want to write secure code, if your manager gets upset at you for fixing bugs, then it's not going to happen.

Because the managers KPI and bonus doesn't depend on the outcome of the pen tests.
If it did then they'd be begging for secure code practices.

To fix this, you need to go where those performance metrics are being set.
You can bet that the C level execs who set these are saying "security is number one priority" but still failing to set motivational performance metrics on the managers etc.

Re:

[phantomfive]

You need to look at what is actually being incentivized, and change that accordingly.

Roll your own

[erp_consultant]

LastPass has had a total of 7 data breaches. Better to use a local password manager like Keepass. You control the vault, not some third party firm that can't seem to do a very good job of it.

Re:

[gweihir]

To be fair, they seem to be about level with Microsoft on security. And almost everybody uses Microsoft, so they probably figured that is good enough.

Re: It's named wrong

[Anonymouse Cowtard]

Last gasp always makes me think of the acronym for a fictional euthanasia charity:

Legal And Social Transition to a Government Assisted Suicide Program.

Call now to donate or be put through to our qualified, ahem, assistants.

online and offline attacks

[FeelGood314]

There is a huge difference between online and offline attacks. This is offline, the easier attack for bad guys. If the bad guys have your password store they can try, assuming they rent the computing power, tens to hundreds of billions of passwords a second. Worse with some simple planning they can essentially try the same password against every password store at the same time. Compare this to an online attack. A stolen bank ATM card only allows a few tries before locking the attacker out and they can only attack the one card. So for this attack a 4 digit PIN might be sufficient. For a small company with a rate limited login to 1 login from any person per second then 8 random digits is sufficient. A company with 5000 employees with a limit of 100 logins per second needs 10 digits. A bank with millions of customers should have the equivalent of 12 digits (40 bits of entropy). Offline attacks though require 25 digits or more (70 bits of entropy).

Most lastpass users did not expect an off line attack on their passwords. My gut feeling is the median master password would be cracked with a dictionary* attack in under 35 bits (12 digits) of entropy.
* a dictionary for this type contains all the common words people use along with all the common letter/symbol substations, common capitalizations and common suffixes (symbol, number, number sequence...).

Re:

[Ichijo]

My gut feeling is the median master password would be cracked with a dictionary* attack in under 35 bits (12 digits) of entropy.

My password is 12 characters but a completely random set of characters. I think LastPass chose it for me. So it's not vulnerable to dictionary attacks.

Eventually, the technology will exist that can crack it. But not yet.

Re:

[Gavagai80]

12 random characters would have 19,408,409,961,765,342,806,016 permutations. If they can indeed do a hundred billion attempts per second as the grandparent suggested, then we're looking at 6154 years to be certain of guessing your password, or a mere 3000 years to have a 50% chance of guessing it.

That sounds like a long time, but if they can do that simultaneously on all 30 million accounts LastPass supposedly has then they'll unlock about 5000 accounts every year. Sounds pretty valuable.

Re:

[Pascoea]

but if they can do that simultaneously on all 30 million accounts LastPass supposedly has

And which set of script kiddies has access to the kind of compute power that would be required to do such a thing? I will agree, yes, this is bad on LastPass. But from what the actual experts have said on this (because I doubt too many of the armchair security analysts that troll Slashdot have an actual clue) it's not that big of a deal. The advice from them ranges from "don't worry about it, they'd need 100 lifetimes to get at your actual information." to "change your vault password and any critical pass

Re:

[myowntrueself]

And which set of script kiddies has access to the kind of compute power that would be required to do such a thing?

'Script kiddies' are largely a thing of the past. These days we have organised crime and state actors to worry about more.

Re: online and offline attacks

[nichogenius1]

One thing most people don't realize is that the master password is run through a hashing chain that's intended to be long and computationally expensive for anyone taking guesses at a password. This hash chain is what converts a human readable password to a 256 bit encryption key (albeit one with low entropy). If LastPass was smart enough to salt the master password before hashing it, attackers would likely have no success on trying the se master password on all vaults.

Re: online and offline attacks

[nichogenius1]

According to LastPass, they salt the master password with the username before applying a 1-way hash using 100,100 rounds of PBKDF2-SHA256. This slows down anyone hoping to decrypt the password and almost guarantees no two vaults will have the same 256 bit decryption key. LastPass should have addressed the human error of (re)using weak or leaked passwords. 1Passwords use of a secret key does a lot to solve this problem.

Private Equity Scumbags

[Sarusa]

Just a reminder that LastPass bought got by LogMeIn 7 years ago (since when it has numerous security breaches) and 2 years ago LogMeIn got bought by a private equity company. They don't give a single crap about you as the user except how to squeeze as much money out of you as possible by selling all your info. Move to 1Password, BitWarden, or (if you can handle some manual lifting) KeePass.

Since you have to consider anything password at LastPass compromised, this is a great time to switch as long as you h

A result of the bait and switch.

[John Smith 2294]

They pissed people off. Enough to do this to them. Several times. When you take a free product tier that has been that way for years and then charge for it, you piss people off. LastPass had this coming. I think it started when someone bought the company? The original owners were not investors, but rather developers. I think it is now owned by investors, so this is what you get.

LastPass recently enabled "passwordless"

[kurt_cordial]

This comes in tandem with a broader industry push toward adoption of passwordless, hardware -based security. Where access is tied to the availability or proximity of a whitelisted approved device. Passwordless is alpha > default > required > whatever. Security professionals always fiddle with PR footprints. They contend with sneaker-ware, air-gaps, leaks, and worms. It sounds like a gentle nudge. Passwordless is the future, get on board NOW.

The one part missing

[Veretax]

LastPass has the ability to require an authenticator or hardware key to add a layer of 2FA. What i'm not sure is if that's just to get through from the Client, or if its necessary to encrypt and decrypt the sensitive bits they store.

Note that Last Pass put up a recent blog about the incident Here [lastpass.com]

The key bits that puzzle me are these:

"Depending upon the chosen implementation model, this hidden master password is actually a combination of two or more separately-stored, 256 bits or 32 characters long cr

Re: The one part missing

[guruevi]

The 2FA basically authenticates you against an organizational store which then releases a second âoepasswordâ. So you have your own memorized password, combined with an organizational password. If you paid for LastPass Enterprise, the authentication happened somewhere else (SAML) and LastPass has no access to âyour keysâ(TM). Without the organizational keys, you only have access to a âpersonalâ(TM) vault, not the âenterpriseâ(TM) vault.

Re:

[Veretax]

That's what I thought that meant, which means, Enterprise customers maybe are not hurt as much as regular users, paid or otherwise? Wow that's not fun at all.

Re:

[gweihir]

The first part is just bullshit trying to confuse the issue. They could easily have given details, in particular _where_ thwse "two or more" secrets reside. They did not and that is a clear indicator this does not actually help.

As to their future, well they apparently got hacked 7 times so far. This time the attackers apparently did not get everything, but next time they may well do. This company has disgraced itself basically to the maximum level possible for a vendor of security software. Since they have

Willie Sutton

[groobly]

"I rob banks because that's where the money is." --Willie Sutton.

A single place with millions of passwords is a much more lucrative hacking target than my personal machine with just a few passwords. The whole idea of a password manager is flawed.

Re:

[gweihir]

Not so. But it is flawed when it is phoning home and doing online backups to the vendor.

Fool me once...

[gweihir]

Apparently, these cretins have been hacked 7 times so far. Bests stay away, this is crapware that can be avoided easily. They probably though doing security-software on the level of "security" that microsoft does was enough.