|
|
|
|
|
|
by semicolon_storm
468 days ago
|
|
|
Adding on to what others have said, LastPass stored vault "metadata" unencrypted. Metadata included things the url. This allowed the attackers to prioritize cracking vaults of higher value. See a vault with just a facebook.com and google.com login? Skip it. See a vault with coinbase and 10 other crypto sites in it? Spend a few thousand trying to crack it. Source: https://github.com/cfbao/lastpass-vault-parser/wiki/LastPass... |
|
|