One of the big password management systems that remembers all your passwords for you got hacked. LastPass had its giant vault files apparently downloaded and someone's been endlessly cracking them one by one (www.securityweek.com)
submitted by Crackinjokes to technology 1.6 years ago (+18/-1)
https://www.securityweek.com/in-other-news-lastpass-vault-hacking-russia-targets-ukraine-energy-facility-nxp-breach/

One of the big password management systems that remembers all your passwords for you got hacked. LastPass had its giant vault files apparently downloaded and someone's been endlessly cracking them one by one.

I read a couple of articles on this the last few days. Apparently some of the passwords have been related to some cryptocurrency that people had, and something like 37 million dollars' worth of cryptocurrency has already been taken from individuals sort of one by one.

I'm not sure I have this right but I think I do. What's happened is LastPass held all your passwords that you had given them to remember for you in big fat files that were encrypted. Normally they and no one else could know what your passwords were because they didn't know how to decrypt your particular part of the big vault. The vault is what they call the big file. But apparently if you were trying that through the website then it would take too many tries to the website and there was really no physical way to do it. But if you were able to download the giant vault file itself and put it on your own machines, you could spend endless hours cracking individual password vaults for individuals, and apparently that's what's been successful. So whoever took the big vault files apparently has been slowly but surely going through them and cracking passwords, and apparently when they find some cryptocurrency they've been taking it, and I guess the cryptocurrency would have to be stored on some website that holds your cryptocurrency for you. Or I don't know if they were using the seed phrases and storing them there or something.

Anyway, that's my summary of whatever it is from several different articles, and it may not be exactly right, but it's something like that.

It just goes to show you that you really can't trust any centralized providers to control your security, and you really should figure out a way to secure your own stuff, because if you give it all to one person or one company and that company gets hacked, which we've seen happen over and over, then it's bad news.