by kelnage 1275 days ago
As far as I know, it’s only believed that the attackers have the encrypted vaults of LastPass users.

However, that does mean they can attempt to “brute force” the encryption, trying any number of passwords as often as they like - and it seems some earlier versions of LastPass used rather poor choices with that cryptography, meaning the amount of effort needed to make an attempt is lower than other similar services (plus some users may have rather poor master passwords, making them easier to guess).

1 comments

Which is why it's strange to hear Steve Gibson so breathlessly defending LastPass, claiming secrets aren't really at risk. It's like he read some white papers, met some LP employees, and decided it's unhackable.

Consider that many users may have had very guessable vault passwords, and encryption generally gets weaker as hardware and techniques advance.