Viewing a single comment thread. View all comments

dubiousadvocate t1_j1vrg1s wrote

I’ll check into it, thx! It took me almost a decade to convince nearly all my extended family to use a vault service and at the time LastPass was one of the better ones. I spent much of the Xmas weekend apologizing and asking folks to change their MP. Embarrassing…

3

wpalant t1_j1vwns9 wrote

Disclaimer: I’m the author of the article linked by the OP.

I’m sorry to be telling you this but it’s too late for changing the master password now. It’s the master password in use when the data leaked that matters.

On the bright side: it isn’t very likely that the passwords of a regular “nobody” will be decrypted. I’ve outlined the considerations here: https://palant.info/2022/12/23/lastpass-has-been-breached-what-now/

However, if you want to mitigate the risk, there is no way other than changing passwords now. Especially passwords of high-value websites (banking accounts, shopping sites etc.).

16

jeffreyd00 t1_j1vv1d4 wrote

I dunno why you felt the need to apologize. You didn't hack it, you didn't sell the company off to someone else that let it stagnant and fester into a liability for all of it's users.

4