semicolon_storm | 1 year ago

Adding on to what others have said, LastPass stored vault "metadata" unencrypted. Metadata included things like the URL. This allowed the attackers to prioritize cracking vaults of higher value.

See a vault with just a facebook.com and google.com login? Skip it. See a vault with coinbase and 10 other crypto sites in it? Spend a few thousand trying to crack it.

Source: https://github.com/cfbao/lastpass-vault-parser/wiki/LastPass...
