![Win rar zip](https://cdn3.cdnme.se/5447227/9-3/screenshot_3_64e629479606ee7f889a24a8.jpg)
Old email accounts added as mailboxes for the new account. Given the latest revelations, I’ve now deleted my account in LastPass and am going ‘full nuclear’. I did, however, go around and change all my high value passwords and 2FA. I didn’t immediately delete my account, because I was worried about the migration process. I’d also spotted the iterations issue in 2021 and had reported it to LastPass.
![my lastpass vault](https://lastpass.com/newvault/images/vault_4.0/Empty_Credit_Card_Migration.png)
I reported it via Bug Bounty and was told that this was a ‘known issue’ from 2017 and still hadn’t been patched. I’d already identified a method for bypassing LastPass 2FA and gaining access to the vault via Windows Hello. No company can be 100% safe from breaches; that’s a simple truth, but trust is paramount in the world of password management, and there can be little doubt that trust is being tested hard right now. I migrated to Bitwarden back in August, after the first LastPass announcements. The transparency in declaring breaches is always to be applauded, although questions remain as to why it has taken so long to determine and disclose that password vaults had been stolen. I am not a LastPass user, but if I were, then I'd certainly be looking at alternatives following what has been a particularly challenging 2022 for the company. Whether you think that LastPass is a service you can continue to trust or not is a matter for you. LastPass is "performing an exhaustive analysis of every account with signs of any suspicious activity within our cloud storage service," Toubba stated. Business users not using the federated login, and with a weak master password, Toubba again recommends they consider changing all stored website passwords.
![my lastpass vault](https://i.pinimg.com/originals/19/9d/92/199d9299b628c35efde9db694890d295.jpg)
What is the impact on LastPass business users? For business customers using the federated login services provided by LastPass, Toubba says that the threat actor "did not have access to the key fragments stored in customer Identity Provider’s or LastPass’ infrastructure, and they were not included in the backups that were copied that contained customer vaults." Again, 'no action' is the recommended action for these users.