by palant
1637 days ago

First of all: I don’t think that all accounts are affected. For example, my own account didn’t receive this message. Assuming that indeed a logging server was compromised, we don’t know under which conditions the password hash is logged. Maybe it’s only people who used the web interface to log in, or only people who changed their master password, or people who hit a particular error condition.

Second: People only notice the failed login attempts. I don’t know what exactly this attack looks like, but I doubt that the point is triggering these alerts for as many people as possible. They rather want to log in successfully, meaning without any alerts being produced. Who knows how often this happened without anybody noticing?

Finally: We only know about people who were concerned enough about these alerts to write about it on Hacker News (or in some cases Twitter). That’s a tiny fraction of all LastPass users.