He copied it from KeePassX and pasted it into LastPass. Sadetsky says he had gone through a scrupulous extra step to use a second password manager to generate and encrypt the key to his LastPass password manager.Ĭould it be a keyboard sniffer? - The last time he’d accessed the master password, he says, was in 2017. He considers the incident particularly concerning because the password was used only on LastPass and stored only in an encrypted password manager called KeePassX. Sadetsky wrote that LastPass had alerted him of a login attempt using his account’s master password with this message: "Someone just used your master password to try to log in to your account from a device or location we didn't recognize.” So on December 27, when Sadetsky got a concerning email from his password manager, he spoke up. “I just want these things fixed,” he said. In the past month alone, he tells me he’s uncovered security vulnerabilities in both a COVID test company lab and the app that controls the lights above the World Trade Center. Greg Sadetsky, the Montreal-based technologist who wrote the post on Hacker News, calls himself a part-time involuntary “security mensch.” “I think I’m pretty paranoid,” he told Input, before adding that he has a habit of ending conversations with a reminder not to use the same password twice (“not all conversations, though,” he assured me). LastPass has since said it hasn’t leaked user information, leaving people with a lot of questions. Online forums are abuzz with reports that LastPass sent emails to users describing unauthorized login attempts with their master passwords, after one user posted about the issue on Hacker News.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |