Submitted by BasedSweet t3_10z1kx5 in technology
gurenkagurenda t1_j83s6ne wrote
Reply to comment by rlaxton in Millions of passwords stolen from LastPass earlier than company disclosed: Report by BasedSweet
Well, all the directly sensitive content. LastPass has always been bad about storing metadata in the clear. It doesn’t make it easier for an attacker to get your password, but it does let them narrow down who to try to attack.
spsteve t1_j85swbk wrote
It does if a site did something stupid and included something useful in the URL that LP has stored.
Edit: It also makes phishing much easier. That metadata can be used like this:
You have an MS account and an Adobe account. I know because I have your metadata. I send you a sophisticated phish saying that Adobe is now offering to link to your MS account for single sign in. Just enter your Adobe and MS ids on this form...
It might not hit you but it would get a lot of users.