In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.
Seems they only targeted potentially accounts that might’ve contained some MONEY (Cryptocurrency)
It seems that in particular “Secure Notes” containing crypto seed phrases seem to have been compromised. It’s pretty silly to have not migrated your old crypto wallets by now though.
…If you have/had an older account with potentially a very weak Master Password… Your password would be considered Weak if it was Less than 12 characters & did not not contain Uppercase, Lowercase and Symbols & was not an XKCD style password that *isn’t * “Correct Horse Battery Staple” or some other combination of those exact four words…
…Older than 2018…
…Or worse yet, 2013…and you didn’t change the iterations setting(s), which most people probably did not.
Uh, I made my lastpass account in 2012. If the iterations setting on 2013 was 5000, then the iterations setting the older accounts are probably even worse. I may or may not upgrade the iteration, I can’t remember at all.
Meanwhile, websites in my country don’t allow symbols for fear of code injection attacks, and the allowed max length is 8 characters. You read it right. Fucking hell, it’s Japan…
Do they allow using unicode characters though? Eight characters of kanji might a pretty strong password.
No, no unicode on 99.9% of websites.