LastPass, Mastodon, and AI/ML - Dec 31st - Jan 6th - F5 SIRT - This Week in Security

Editor's introduction Hello, MegaZone is back this week as our rotation continues. I hope everyone had a good holiday season. Let's hope that 2023 is a good year. A couple of things I wa...
Updated Jan 17, 2023
Version 2.0
Security
twis
MegaZone's avatar
MegaZone
Icon for SIRT rankSIRT
Jan 25, 2023

LiefZimmerman At this point the horses are out of the barn.  Nothing you do will help with that other than changing your credentials for every site, or at least the important ones, that you had saved in LastPass.  It is a fixed point in time - whatever they grabbed can be brute forced at their leisure, forever.

At this point I would have to give a solid yes that other providers are better.  LastPass has had multiple breaches over the years, but this one exposed some pretty poor security practices on their part.  On top of the bad practices the way they handled the breach was just not acceptable, and more information continues to trickle out that just makes it worse.  As a security professional LastPass has burned every last ounce of trust I had in them - and I recommended them for many years and had used them myself.

Since you really need to chance credentials anyway, to be safe, you may as well switch to a new tool before changing them.