I agree. I believe I was a target in this manner after a different hack very shortly after the company admitted it happened. They never notified me though, so when I received a call claiming to be them and knowing detailed information of my account I believed it was them. I ended the call and didn't engage further with them but noticed a lot of repeat calls from the same number. I knew then it was a scammer and the company announcement I saw led me to contact them to confirm they were not trying to reach me in any way. Be on the lookout folks and take caution with anyone trying to reach you. If they are trying to engage you about something tell them to send you something by mail or to give you a number to callback later to see what happens.

> There is a ton that can be done just by knowing what websites someone has accounts on.

I'm waiting for that mass "oh shit" moment when the larger populace actually begins to understand how much you can do with large amounts of meta data. It's scary.

I mean they physically can't implement the cipher in a way that allows for a backdoor, it wouldn't work(unless they are simply lying about how they encrypt the data I guess, but some quick reverse engineering of their app should figure out pretty easily if they aren't actually using AES-256).

That's why it's a good idea to use open source security tools though. You can read the source code to make sure there's no funny business going on.

The thing that make me question is:How they can reset your Master Password if your data is encrypted? I lost my master password in the past and I was able to change it. Meaning they probably have a backdoor in there cryptographic system or a way to get the information on their side.

Both of the other replies here make me think that the master password isn’t the key. That it merely unlocks the key. This gives the ability to have a password reset and trivial support/law enforcement access. The only evidence is the ability for password resets. That’s a huge red flag.

> Assuming they didn’t do anything incorrectly. Like secretly having a second password for customer support, or for law enforcement requests.

But if that’s secret and not leaked, an attacker wouldn’t be better off.

Absolutely.

Every saved website URL is unencrypted.

Now the attackers have the owner's LastPass email address, all IP addresses used to log in (which for most people is an accurate geographic region), and for everyone who paid their full billing info including name, address and phone number.

And with URLs the attackers can tie all of that to every single service the person has a password for.

That's a goldmine in and of itself. Their utility bills tell you where they live with certainty. Their financial accounts tell you who their bank is, their mortgage company, their insurance company, their health insurance company, etc. Their company accounts tell you who they work for, even if they just have webmail or timesheets saved. Many people now have accounts for their doctor's office, and for different services that offer medical tests (scheduling).

Political affiliations. Hobbies. Clubs. What languages they speak. Deep dark secrets. There's a reason the backup was stolen.

Knowing all that, and previous password leaks, the attackers can (and already are undoubtedly) do Password Spraying attacks against the backup and will gain access to some accounts. It's inevitable, AES256 is too weak and stolen accounts too valuable.

Oh man i feel so stupid right now. I have so many questions. I had a few reset emails come at me while reading about this. Already moved to a different cloud based one that doesn’t get hacked every year. At first i thought ok they got hacked a few years back now they will double down on security- so they will be safer than the ones that didnt get hacked. 🙃

Alright my 2 questions to help me take better action. Hope someone can help, this may help others going through this right now too

1. Silly obvious question but i need to ask it to be super sure: when you say they have the vault offline does this mean my new masterpassword online and some important ones that i have now deleted from my online vault, will not stop them from from accessing my old offline vault with the old password with the now deleted entries as well?

2. Within a password file i would keep important private notes, not a secure note, but the field within a password entry, i cant find if this field was encrypted or was it fully visible too in the hack?

> So yeah, for most users there's not a ton of risk, but for anyone with PWs of less than 11ish characters and/or a low degree of entropy, everything they stored is at risk.

They were always at risk though, it was always incredibly stupid to use short master passwords, it's not like we didn't know that. People who ignored the warnings and did it anyway knew exactly what they were signing up for in the event or a breach.

I mean I mentioned "if your master password wasn't absolutely stupid." If you ignore all the warnings and set an 8 character master password you were always at risk in the event of a hypothetical breach, so this isn't really a surprise.

I mean that's what I meant when I said "master password isn't something absolutely stupid."

That said, hopefully LastPass wasn't dumb enough to not use a key derivation function to derive the master key. The whole point of key derivation function is to make brute forcing passwords impractical by using an deliberately slow, computationally expensive hashing algorithm to derive the key from the password(say it takes like 100ms to compute on a very powerful computer). This effectively thwarts dictionary attacks, forcing the attacker back to "side step the key derivation function and just brute force the 256-bit key directly, without the database" which is again, impossible, even on future computers that don't exist.

Unless somebody discovers an effective, practical attack on full-round AES-256, which would be very impressive. But then you would have much bigger problems than your stupid passwords :)

Assuming everything is implemented in the way Lastpass says it is, only if the attackers were still in the network, and had setup a system to scrape passwords. From what they’re saying, the attackers grabbed the encrypted vaults, which are useless without the master password, so anyone with a strong master password that hadn’t been reused anywhere will be fine.

There are options for password managers if you don’t trust lastpass, such as keepass, which stores the database locally, so no third party has any ability to view them. You then have to worry about backing up the database itself to avoid a hard drive going bad wiping out your password vault, but it is free iirc.

It is impossible if they implemented the key derivation function correctly. If they used salt and used a slow enough KDF then you can't do dictionary or rainbow table attacks on the password, so you have to brute force the key. Which means the impossible task of brute forcing the equivalent of an 128-bit cipher

There is a quantum search algorithm called Grovers algorithm that lets you do a search with O(sqrt(N)) complexity which in other words means you an brute force an n-bit cipher in 2^n/2 operations. It requires way more sophisticated quantum computers than we have today though, with many more quibits and actual, working error correction.

> right... because it's "good enough" still and we've been told that for two decades and they sauce it daily. It was good enough for documents of the "secret" level... which is the level immediately above "given to the NYT for publishing"... in 2003.

It is good enough. Edward Snowden told us that in 2014 even the NSA didn't have any effective cryptanalysis on AES, and even on unrealistic future computers it would still take longer than the heat death of the universe to brute force it.

Same idea. They derive a strong cryptographic key from it somehow.