by fanso99 1275 days ago
Please stop commenting on whether you are a LastPass user or not. Some of your profiles on HN have an email address, and in general all your comments are public, so they can be mined; plus "rich techies" could be prime targets for more direct and elaborate phishing campaigns.
3 comments

For all you know, they are bots or shills to encourage actual users to comment.

Remember this?

    <Cthon98> hey, if you type in your pw, it will show as stars
    <Cthon98> ********* see!
    <AzureDiamond> hunter2
    <AzureDiamond> doesnt look like stars to me
    <Cthon98> <AzureDiamond> *******
    <Cthon98> thats what I see
    <AzureDiamond> oh, really?
    <Cthon98> Absolutely
    <AzureDiamond> you can go hunter2 my hunter2-ing hunter2
    <AzureDiamond> haha, does that look funny to you?
    <Cthon98> lol, yes. See, when YOU type hunter2, it shows to us as *******
    <AzureDiamond> thats neat, I didnt know IRC did that
    <Cthon98> yep, no matter how many times you type hunter2, it will show to us as *******
    <AzureDiamond> awesome!
    <AzureDiamond> wait, how do you know my pw?
    <Cthon98> er, I just copy pasted YOUR ******'s and it appears to YOU as hunter2 cause its your pw
    <AzureDiamond> oh, ok.
The ol' hunter2 ... haven't seen this IRC dialogue in years, thanks for the laughs.
Aren't we assuming at this point that the attackers have the complete customer list? I imagine that it would be way easier for them to have a script query that list directly and search for names and emails to find high value targets, rather than reading through HN hoping for a hit.
This is news to me. Was the customer list also stolen? Specifically, customer records linked to individual vaults?

My concern with anyone identifying themselves as being affected by this breach is that a 3rd party would be able to collect a lot of information about the user for a very targeted social engineering attack. Conversations here often disclose personal information such as approximate age, location, past experiences, hobbies, etc. It's a gold mine for social engineering.

From https://blog.lastpass.com/2022/12/notice-of-recent-security-... :

> To date, we have determined that ... the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. The threat actor was also able to copy a backup of customer vault data ... both unencrypted data, such as website URLs ...

Given how incompetent they've been, it would be safe to assume that the vault data is linked to customer account information. And because website URLs are included in the package, there is already tons of information for spear phishing, and any LastPass user here is probably already doxxed to the bad actor.

In general, you're right, but I really think that in this case the ship has sailed. The attacker has more information than they could possibly sort through by hand, they're not going to resort to reading forum posts.

This