Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security IT

Experts Fear Crooks Are Cracking Keys Stolen In LastPass Breach (krebsonsecurity.com) 74

AmiMoJo writes: In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.

Taylor Monahan is founder and CEO of MetaMask, a popular software cryptocurrency wallet used to interact with the Ethereum blockchain. Since late December 2022, Monahan and other researchers have identified a highly reliable set of clues that they say connect recent thefts targeting more than 150 people, Collectively, these individuals have been robbed of more than $35 million worth of crypto. Monahan said virtually all of the victims she has assisted were longtime cryptocurrency investors, and security-minded individuals. Importantly, none appeared to have suffered the sorts of attacks that typically preface a high-dollar crypto heist, such as the compromise of one's email and/or mobile phone accounts.

This discussion has been archived. No new comments can be posted.

Experts Fear Crooks Are Cracking Keys Stolen In LastPass Breach

Comments Filter:
  • by Rosco P. Coltrane ( 209368 ) on Wednesday September 06, 2023 @09:57AM (#63827670)

    If you entrust your data to the cloud, consider it public. That includes your passwords. I can't believe this needs repeating in 2023...

    As for passwords themselves, here's the list of safe storage options, by decreasing order of safety:

    - Your brain: honestly, devise a method to create long non-obvious passwords, like the first letter of each word in a line of poetry you know, prefixed with letters from your username, digits or other ASCII characters or whatever, and make an effort. It's not that hard...

    - A local password manager on a machine YOU control.

    - Anything else.

    • Storing hundreds (not unusual these days) of strong unique passwords in your brain is pretty far-fetched. But the point about passwords in the cloud is valid. There's simply no way to know if you can trust a cloud service to take good care of your vault.
      • by torkus ( 1133985 )

        There is a straight-forward way to safely store data in the cloud but it isn't convenient or 'free' - you need to encrypt everything with key(s) only you control.

        While integrated to some platforms for enterprise customers (M365 for example) it's not something generally accessible to the general public. It would be super handy to have a multi-factor enabled hardware keystore to allow for seamless encrypt/decrypt of my cloud data in realtime. Public key to encrypt means giving me data (or uploading) is triv

        • There is a straight-forward way to safely store data in the cloud but it isn't convenient or 'free' - you need to encrypt everything with key(s) only you control.

          Tell that to the LastPass customers who control their key, but have had their passwords exposed when their cloud-based vault was exfiltrated.

          • Source that their passwords were exposed? The encrypted vaults were exposed and attackers are attempting to crack those (per the article). If they (the attackers) can then the encryption was insufficient. If encryption doesn't work in the cloud why does it work on prem?

            • by Junta ( 36770 )

              I never used LastPass, but I assume it's like a lot of other things: The decryption key is ultimately terminated by a PBKDF or scrypt or similar, which mitigates, but ultimately is susceptible to guessing the passphrase/password. So of those 25 million users, some probably had reasonably guessable passphrases/passwords.

              The encryption is only as good as the protection of the private key. The key derivation routines can slow guessing down only so much. KeePassXC is perfectly happy to let you use a password

              • You are mostly correct.

                LastPass uses 256-bit AES encryption/decryption and PBKDF2 derivation function with a secure hash (SHA256), with salting, to transform your Master Password into an encryption key, and then into an authentication hash.

                Which is why I said it's no different than on prem with the exception of being a larger target due to how many vaults are stored there. Hack my laptop you get my encrypted files, hack last pass you get N encrypted files. If anyone used a weak password or a had set lastpas

        • by AmiMoJo ( 196126 )

          That's easily achievable.

          Use Keepass. Use a key file, that you only ever keep locally. You can update the database in the cloud without ever uploading the key.

          Another option is a YubiKey or similar hardware token. KeePass supports them for 2FA.

    • For many years, I've written verses that work as passwords. They are pretty much impossible to forget and don't appear in any publication. I don't go to this amount of trouble for everything, but all my important stuff is hiding behind some kind of fairly lengthy, occasionally obscene doggerel.

      • by Junta ( 36770 )

        I'm sorry, but your password fails to meet our requirements:
        -It is longer than 12 characters long
        -It contains plain words
        -Please use a secure password, like abcd1234!

        • ROFL!!! Thanks for that!

          I haven't run into the maximum character situation, thanks be to the computer gods, so this hasn't been a problem. When numbers and special characters are required, I put a little code in the verses that reminds me which ones I used on each occasion. I would never be vain enough to say my passwords are uncrackable, but I'm pretty confident they're more trouble than they're worth.

    • It sounds like you wouldn't allow room between "a local password manager" and "anything else" for a server-based solution in which you have exclusive control over the randomly generated key that was used to encrypt the data. Is that correct? If so, I'm genuinely curious how you trust anything on the Internet.

      If you think that a local machine in your control is the least secure, still-valid option—which seems to be what you're suggesting—do you trust the public key cryptography used to transport

      • by flippy ( 62353 )

        There's a big difference between fixed data (like the type that's stored in a password manager) and the temporary information that is the type that is transmitted during a TLS session in a browser.

        When available offline, an attacker practically has unlimited time to crack a set of fixed encrypted data, and when they do, it's highly likely that plaintext will still have value.

        Even if every packet were captured from a browser session, and therefore is available offline for an attacker to try to break, what go

        • There's a big difference between fixed data (like the type that's stored in a password manager) and the temporary information that is the type that is transmitted during a TLS session in a browser.

          Hold up. Feel free to correct me if I've misunderstood, but this sentence seems to say—and the remainder of your post seem to be predicated on the assumption that—TLS isn't used for "fixed data", which couldn't be further from the truth. Email, backups, personal notes, health data, location history, and numerous other examples of "fixed data" frequently flow over TLS, all of which are of value to attackers whether the data is at rest or in transit.

          Is there a difference between temporary informat

          • by flippy ( 62353 )

            I re-read my own comment, and realized that I wasn't saying what I wanted to clearly.

            Instead of 'There's a big difference between fixed data (like the type that's stored in a password manager) and the temporary information that is the type that is transmitted during a TLS session in a browser.' I meant something more along the lines of 'TLS/public key cryptography tends to carry data that is valid for a shorter amount of time than data stored in a password manager, which tends to be valid for longer.'

            I agre

            • Thanks for the clarification. Your #3 is basically describing the Let's Encrypt approach to issuing certificates, except with passwords instead of certificates, and I couldn't agree more...presuming we get it automated.

              I recall seeing a few years back that one of Dashlane's distinctives was its ability to automatically reset passwords for accounts in your vault with the push of a button (presumably for some set of a few hundred or thousand popular sites for which they had coded support). If, say, any OAuth

    • Re: (Score:2, Troll)

      by AmiMoJo ( 196126 )

      The issue is that LastPass' keys were generated from just a password and salt. The salt is stored in the database, so the attackers have it. It prevents pre-calculation attacks, but does nothing to slow down dictionary attacks against the password.

      Because of the way human memory works, dictionary attacks on GPUs (plenty available since the collapse of crypto mining) tend to be quite effective. The old "horsebatterystaple" advice is terrible, it's very easy to crack.

      You can safely store your passwords in the

      • by AmiMoJo ( 196126 )

        Some idiot modded this "troll". It's a sad day when we can't have a decent conversation about security on Slashdot.

    • "If you entrust your data to the cloud, consider it public."

      I completely agree with ya but doesn't this make slashdot kind of implausible as a platform? What percentage of articles being promoted on this website are pushing cyber-security or cloud products that reduce security and steal data.

      I keep using one phrase to describe the modern internet: Implausible Deniability.
      • by Jeremi ( 14640 )

        What percentage of articles being promoted on this website are pushing cyber-security or cloud products that reduce security and steal data.

        Almost none? Seriously, scroll down the list of articles on the main page, and count how many of them are in any way related to cloud security products.

    • by ljw1004 ( 764174 )

      If you entrust your data to the cloud, consider it public. That includes your passwords. I can't believe this needs repeating in 2023... As for passwords themselves, here's the list of safe storage options, by decreasing order of safety: your brain, local password manager, anything else.

      Notably, your two solutions (brain, local password manager) don't solve the typical use-case of sharing passwords with spouse or with multiple devices.

      As for the "anything else", well, it shouldn't need repeating in 2023, but if you're looking at solving that use-case either through a provider like 1Password/LastPass or rolling your own, well, you should never roll your own security.

    • Problem #1:
      In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults, using information stolen during a previous security incident from August 2022.

      Last Pass, whose entire business is to keep things secure, failed to do so, TWICE within three months.

      Problem #2:
      When the breach occurred in November 2022, LastPass said: "... customers' passwords have not been compromised and remain safely encrypted due to LastPass's Zero Knowledge architecture."
      • by EvilSS ( 557649 )
        #2 is partially true. LastPass (to my knowledge) did not know customer passwords. However on older accounts they used very low iterations with their key derivation algo. Depending on when your account was created this could be as low as 1. That makes brute forcing passwords a real possibility for a group with some money to spend on doing it. As time went on the increased it but they didn't force existing databases to be updated, so older users were left out there in an insecure state.

        Their other major f
      • by necro81 ( 917438 )

        Problem #1:...

        Problem #2:...

        Problem #3:
        People affected by this breach haven't updated their passwords in the past 9 months, knowing that stuff is out there..

    • It seems pretty easy to do something secure - just use OpenKeychain on android with a gpg private key that is not in the cloud anywhere. You can store the encrypted text file containing the account information and passwords in whatever cloud service you please, even on your own servers if you want. Sure this makes it a little harder to add passwords, but at least they are actually secure and there are no proprietary components involved other than your own handset. (OpenKeychain is open source) It is unc

    • by slazzy ( 864185 )
      Also, if you do store passwords in the cloud and there's a public breach that would be a really good time to change every password in there. For crypto, move everything to a new wallet with a new private key.
    • by decreasing order of safety: - Your brain:

      Since when is the definition of data safety: "Highest possible likelihood of complete loss" ?

  • by doug141 ( 863552 ) on Wednesday September 06, 2023 @10:02AM (#63827686)

    "Then on Aug. 28, Monahan said she’d concluded that the common thread among nearly every victim was that they’d previously used LastPass to store their “seed phrase,” the private key needed to unlock access to their cryptocurrency investments."
    “The seed phrase is literally the money,” said Nick Bax, director of analytics at Unciphered, a cryptocurrency wallet recovery company. “If you have my seed phrase, you can copy and paste that into your wallet, and then you can see all my accounts. And you can transfer my funds.”

    • by ceoyoyo ( 59147 )

      They can't be very security minded if they stored their stuff in LastPass, it got hacked, and they didn't change anything.

      Storing the seed phrase is equivalent to storing the actual private key, so changing it means creating a new wallet and transferring everything out of the old one. Worth keeping in mind when you're deciding where to store it.

      • by irving47 ( 73147 )

        Perfection. I was looking for that exact phrasing.

      • They can't be very security minded if they stored their stuff in LastPass, it got hacked, and they didn't change anything.

        That sounds very insightful until you get to the second part of your post. It is non-trivial nor is it typically free to change your wallet.

        Here's a better idea: Stop victim blaming for someone else's poor encryption.

        • by ceoyoyo ( 59147 )

          Little cranky today? Did you read the "Worth keeping in mind when you're deciding where to store it" part?

          Yeah, it's nontrivial and potentially very expensive to change your wallet. It could be a huge pain in the ass if you actually use the thing as anything but an investment account too. Thus why you should consider carefully what you do with the keys.

          Are you saying you think someone who's "security minded" would just say "ah, someone stole my keys, but I'm sure it will be fine," or did you just want to us

    • by Ichijo ( 607641 )

      We know that some fields weren't encrypted. Maybe that's where hackers found the seed phrases.

    • by clovis ( 4684 )

      I've always wondered at what point does using the BTC farms to mint coins become more expensive than repurposing the hardware to crack passwords.
      Minting a bitcoin gets you, $25K and the transaction fees, but cracking the password of a big account gets millions.

  • The real question is which nation states/spy agencies have copies of the data. How many of the keys have they cracked and how many Government, Enterprise, and Corporate Cloud tenancies do they 'own'

    • The real question is which nation states/spy agencies have copies of the data. How many of the keys have they cracked and how many Government, Enterprise, and Corporate Cloud tenancies do they 'own'

      That's a good question, but maybe a better question is why people would trust some cloud outfit with the keys to the kingdom? it isn't beyond the pale to think that using a service like this directly gives your keys to the kingdom to interested parties, not just to hackers.

  • If you are stupid enough to put critical information like passwords/private keys in the Cloud (aka someone else servers), you deserve it. Period.

    • by Pieroxy ( 222434 )

      My KeePass2 file lives in my Dropbox. I count on cryptography to keep my passwords safe. And I can access it from everywhere.

      The future will tell if there is a glaring bug in KeePass2 and this whole thing was a mistake.

      • by znrt ( 2424692 )

        The future will tell if there is a glaring bug in KeePass2 and this whole thing was a mistake.

        i wonder what you expect the future to tell you that the immediate past hasn't already: they got compromised, twice in a row, they lied about it and as a result data that was supposedly private no longer was and coins were stolen.

        indeed, if you do your crypto right you could even leave your encrypted data right in the open, hyper accessible, without a worry in the world and you wouldn't even need keepass for that. keepass is however more convenient ... if you are willing to trust others to do crypto right f

      • by Junta ( 36770 )

        A shame that you used 'hunter2' as the passphrase to protect your keepass file.

        (I agree that using cryptographic schemes is good, but ultimately KeePass is also only as strong as your unlock passphrase, and people will choose guessable unlock passphrases)

        • by Darkk ( 1296127 )

          Myself personally I use KeePassXC with database stored on my own locally hosted Nextcloud server. Database is protected with long password AND keyfile which is stored outside of KeePassXC directory. That keyfile is never sync'd anywhere and always copied over via SD card to another device.

          Encrypted database protection is only good as how the password combined with other method authentication are used. Straight password is not good enough these days.

          KeepassXC even supports YubiKeys.

    • You do realize that, as it stands right now, if you have a password to a cloud service, that password is stored..... wait for it..... in the cloud, right?

      It's kind of the point of a password. You store it on the place you want to access and then you prove that it is you by providing your version of that password which is matched against the stored password.

      You, of course, are trusting that cloud provider encrypts and stores your password properly, but you have to have some level of trust in order to operate

      • You do realize that, as it stands right now, if you have a password to a Cloud service, that password is stored.... wait for it... as a salted HASH (not the password itself like LastPass even if it's encrypted). If it's not the case, then you must leave your Cloud service provider right now.

        If your data (password and/or any other information) is really critical/personal for you then you never (ever) want store it in any Cloud service provider. Ever. Keep in mind that any data stored in the Cloud WILL BE sto

      • by Junta ( 36770 )

        If you have good security discipline, than cloud service X password is only applicable to service X. If service X is compromised to get password for service X, then they probably don't need the password to mess with service X, and the password was only good for service X. If they properly handled passwords, then a password like dwyccFt9seyjJKNqqAnkSN/1 would never get cracked from a breach.

        For a password database, then the risk associated with how much access is granted is much much larger. Also, being t

  • You keep using that word. I don't think it means what you think it means. A security-minded person does not store their keys on someone else's computer ("in the cloud").
    • cloud, noun, English, homonym of klaut, verb, German, imperative plural of klauen, to steal.

      In other words, an order to a group to grab and bail with whatever they can get their fingers on.

  • by Opportunist ( 166417 ) on Wednesday September 06, 2023 @10:18AM (#63827728)

    I thought they just stole it because they thought that blob of data looked nice as a wallpaper.

    • I thought they just stole it because they thought that blob of data looked nice as a wallpaper.

      This is actually the root motivation for the data breach. All the stuff about cracking vaults and taking cryptocurrency and whatnot is merely in order to obtain the funds necessary to print the data blob as custom wallpaper sheets. That kind of bespoke service is not cheap.

  • Basically they turned an online attack, which can be mitigated by rate limiting to an offline attack. The question is how they crack the passwords, did LastPass use a really simple algorithm that can be cracked in a matter of hours, or is it dependent on the length of your passcode. So if I use a complex 24-character password, am I at risk? What if I was part of an organization that used LastPass, which is double encrypted (once with their key, compounding my key)?

    There is a huge lack of information. Sure,

    • by Cinder6 ( 894572 )

      The answer is "it depends" [palant.info]. Many users were unwittingly on less-secure schemes.

    • by EvilSS ( 557649 )
      The problem is LastPass used to use very weak key derivation iteration settings in the past. Depending on the age of the account this could be as low as a single iteration. To put that into perspective NIST recommends a minimum of 10,000 and 1Password uses 650,000 iterations. As they increased that number, they did not re-encrypt the databases so if you were an older customer, your settings were never updated unless you did it manually. This means that passwords that would normally be secure enough that bru
  • Comment removed based on user account deletion
  • by TheMiddleRoad ( 1153113 ) on Wednesday September 06, 2023 @11:36AM (#63827912)

    LastPass is fine. They had a data breach, and only the dumbasses with short passwords are vulnerable.

    The true story here is that crypto is a horrifically unsafe asset to hold. If you hack my back account, the transactions are traceable and reversible. There are also all kinds of anti-fraud protections in place. If you hack my crypto, I'm essentially fucked. Oh sure, I can look at shit happening on the ledger, but that doesn't do me much good unless the FBI is pouring resources in to help me out. The normal person isn't going to call CryptoRUs and get transactions reversed across the entire blockchain. Nope, I'm fucked.

    Get your shit together, people. This is an article about how fucking stupid crypto is. LastPass is fine.

    • LastPass is fine. They had a data breach, and only the dumbasses with short passwords are vulnerable.

      The true story here is that crypto is a horrifically unsafe asset to hold. If you hack my back account, the transactions are traceable and reversible. There are also all kinds of anti-fraud protections in place. If you hack my crypto, I'm essentially fucked. Oh sure, I can look at shit happening on the ledger, but that doesn't do me much good unless the FBI is pouring resources in to help me out. The normal person isn't going to call CryptoRUs and get transactions reversed across the entire blockchain. Nope, I'm fucked.

      Get your shit together, people. This is an article about how fucking stupid crypto is. LastPass is fine.

      Your point about crypto is fine, and I agree that crypto is risky beyond measure.

      At the same time, the article is also about LastPass using a badly-designed system that allows for weak encryption. There are plenty of things one could store in a LastPass vault that would be almost as dangerous as a crypto seed phrase. The fact that LastPass uses (or used?) a system that ALLOWED for weak encryption is enough to drop them like a hot potato. They're NOT fine. They screwed up big time.

    • LastPass is fine. They had a data breach, and only the dumbasses with short passwords are vulnerable.

      Citation Needed. TFA literally talks about all the ways that LastPass is not fine, and how LastPass did not update security methods for old wallets, and that by default configuration with the same average strength password someone setting up LastPass now would require 200 years of GPU time to crack their wallet, vs 17 hours for people who first signed up.

      Stop victim blaming. Lastpass had all the power to enforce good security.

      • I have been using LastPass for a long time now. 1 iteration days? I don't know. I checked, and mine was at 600k, but I upped it to 900k. But then my master password has never been something as short as 8 characters. I'm not a dumbass. Also, I do rotate important passwords now and then. Somebody can always do this.

  • Need I say more?

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...