by ryanjshaw 1279 days ago
There ought to be some kind of legal sanction against companies that try to hide the seriousness of data breaches.

I read the customer update, and the severity of this breach is hidden deep in the statement and skimmed over.

Basically: LastPass just shared which sites you have logins for with the attacker. This could be sold or released to the entire world. They claim the usernames are encrypted fields, but often the usernames can also be in the URLs saved along with the site.

1 comment

I really don’t understand why they didn’t just encrypt the whole record.
The convenience of offering to re-login if your session is expired and you hit a site where you use it?
That could have been cached locally on your machine, separate from your vault.