MANIFOLD
Will the LastPass hackers attempt to brute force vaults?
Resolved Jan 13 as 80%

Resolves YES if by 2024 evidence emerges that the LastPass hackers are attempting to brute force user vaults instead of or in addition to non-brute force methods such as phishing, otherwise resolves NO.

Close date updated to 2023-12-31 5:59 pm


I'm inclined to resolve this to 80%. The evidence seems strong, but circumstantial (there's no evidence that the people were hacked *because* they had LastPass accounts). Also, all the articles seem to point to only one source for the investigation, which is suspicious, because I would expect there to be many more investigations into this theory if the cybersecurity community deemed it likely.

So there was an attack targeting a significant amount of LastPass users, probably more than would be possible if passwords were only cracked by phishing. There is a specific victim interviewed who presumably got hacked because his password was only 8 characters or because of some lacking settings which would also enable a brute force attack.
https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-stolen-in-lastpass-breach/

Would apparent credential stuffing attacks (i.e. using leaked passwords to fish for cases where they were reused as master passwords) qualify?

@nfd Yes