this post was submitted on 28 Sep 2023
322 points (75.6% liked)

Games

32575 readers
1704 users here now

Welcome to the largest gaming community on Lemmy! Discussion for all kinds of games. Video games, tabletop games, card games etc.

Weekly Threads:

What Are You Playing?

The Weekly Discussion Topic

Rules:

  1. Submissions have to be related to games

  2. No bigotry or harassment, be civil

  3. No excessive self-promotion

  4. Stay on-topic; no memes, funny videos, giveaways, reposts, or low-effort posts

  5. Mark Spoilers and NSFW

  6. No linking to piracy

More information about the community rules can be found here.

founded 1 year ago
MODERATORS
 

Larion Studios forum stores your passwords in unhashed plaintext. Don't use a password there that you've used anywhere else.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 1 year ago* (last edited 1 year ago) (3 children)

And at least for LastPass no passwords were compromised. Saying they "were hacked" and leaving the extent of the hack out implies something worse IMO, it's misleading. The safes themselves are E2E encrypted so they also don't have your password.

That said, my vote is to Bitwarden as it's open source and allows self hosting if you think you're a more reliable admin than they are. Open plus more choice is always better.

[–] [email protected] 5 points 1 year ago

And at least for LastPass no passwords were compromised

I'm just going to leave this here:

https://krebsonsecurity.com/2023/09/experts-fear-crooks-are-cracking-keys-stolen-in-lastpass-breach/

[–] [email protected] 4 points 1 year ago

Just this month a link was made between $35 million in crypto being stolen and the 150 victims being LastPass users.

In 2022 Lastpass was compromised through a developer's laptop and had customer data like emails, names, addresses, partial credit cards, website urls, and most importantly vaults stolen last year, and given they're closed source, have no independent audits, and don't release white papers, we have no idea how good their encryption schemes actually are nor if they have any obvious vulnerabilities.

In 2021, users were warned their master passwords were compromised.

In 2020 they had an issue with the browser extension not using the Windows Data Protection API and just saving the master password to a local file.

What will 2024 bring for LastPass? They were hacked, and there's no reason to think they won't see more breaches of confidential customer information and even passwords in the future. This is a repeated pattern, and I'd better trust a post-it-note on my monitor for security than LastPass at this point.

[–] [email protected] 1 points 1 year ago

This is true, but they have your encrypted vault, and all the technical data to make unlimited informed attempts at cracking it. If you used LastPass, you definitely need to be changing passwords for your critical services at a minimum.