🏅 Top traders

They seem to still be LastPass, as far as I can tell. https://www.lastpass.com/

Security Incident Update and Recommended Actions: https://blog.lastpass.com/2023/03/security-incident-update-recommended-actions/

“Security Incident” they use the weaseliest language

@Yoav “Breech” would be nice, but afaik “incident” is pretty standard language for the industry.

As far as the body of the posting, imo the details of the attack, what was compromised and when, and how they’ve responded internally are all really thoroughly communicated here.

@Yoav Thanks for sharing the link!

@MattCWilson Even though this was removed, it's a pretty gross oversight.

Wow... why is this so high? (I ask as a concerned LastPass user)

@jonsimon They got hacked and their encrypted password vaults leaked. Attackers can see what websites you have passwords for, and if you have an old LastPass account with weaker encryption or a weak master password they might be able to break your vault and get access to all of your passwords.

(I recommend BitWarden and switched away from LastPass years ago because they have a poor track record)

@jonsimon https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/