[lolinder]

Aren't we assuming at this point that the attackers have the complete customer list? I imagine that it would be way easier for them to have a script query that list directly and search for names and emails to find high value targets, rather than reading through HN hoping for a hit.

[fanso99]

This is news to me. Was the customer list also stolen? Specifically, customer records linked to individual vaults?

My concern with anyone identifying themselves as being affected by this breach is that a 3rd party would be able to collect a lot of information about the user for a very targeted social engineering attack. Conversations here often disclose personal information such as approximate age, location, past experiences, hobbies, etc. It's a gold mine for social engineering.

[lolinder]

From https://blog.lastpass.com/2022/12/notice-of-recent-security-... :

> To date, we have determined that ... the threat actor copied information from backup that contained basic customer account information and related metadata including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service. The threat actor was also able to copy a backup of customer vault data ... both unencrypted data, such as website URLs ...

Given how incompetent they've been, it would be safe to assume that the vault data is linked to customer account information. And because website URLs are included in the package, there is already tons of information for spear phishing, and any LastPass user here is probably already doxxed to the bad actor.

In general, you're right, but I really think that in this case the ship has sailed. The attacker has more information than they could possibly sort through by hand, they're not going to resort to reading forum posts.