this post was submitted on 07 Sep 2023
988 points (99.0% liked)

Technology

59374 readers
7409 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
 

More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 17 points 1 year ago (1 children)

This is the best summary I could come up with:


Cybersecurity blogger Brian Krebs reports that several researchers have identified a “highly reliable set of clues” that seemingly connect over 150 victims of crypto theft with the LastPass service.

Taylor Monahan, lead product manager at crypto wallet company MetaMask and one of the key researchers investigating the attacks, concluded that the common thread connecting the victims was that they’d previously used LastPass to store their “seed phrase” — a private digital key that’s required to access cryptocurrency investments.

These keys are often stored on encrypted services like password managers to prevent bad actors from gaining access to crypto wallets.

We have reached out to LastPass to confirm if any of the stolen password vaults have been cracked and will update this story if we hear back.

Researcher Nick Bax, director of analytics at crypto wallet recovery company Unciphered, also reviewed the theft data and agreed with Monahan’s conclusions in an interview with KrebsOnSecurity:

“I’m confident enough that this is a real problem that I’ve been urging my friends and family who use LastPass to change all of their passwords and migrate any crypto that may have been exposed, despite knowing full well how tedious that is.”


The original article contains 363 words, the summary contains 196 words. Saved 46%. I'm a bot and I'm open source!

[–] [email protected] 1 points 1 year ago