I think I will keep LastPass

LastPass was recently hacked and the hacker was able to steal keys from a developer which had access to the company’s backup files. In the backup files, the hacker could use the decryption keys he stole from the developer to create something like:

somesite.com,<plaintext_username>,<hashed_password>

I can assume my data has been leaked. I am a LastPass user; however, I do not think this is good reason for my departure from LastPass.

This is not the first time a hacker was able to get this sort of information from LastPass. I was also a LastPass user during that time and my passwords were never compromised after than hack. The Zero-knowledge password storing employed by LastPass seems to have worked in the past, and I anticipate it being sufficient again.

As a safety precaution, I went ahead and changed my financial passwords, but other than that step, is there anything else that needs to be done? Perhaps I will change my Master password once more. If LastPass gets hacked again, at least all my SHAs will be different.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.