![]() It’s hard to complain when the service is free, but it’s obviously a big deal for anyone using the service today. That means a free user can only access their account from either a laptop/desktop computer or a smartphone/tablet. On March 16, 2021, LastPass changed its free accounts by restricting a user’s passwords and data to just one type of device. The good news is that this means while hackers do have your account data, they do not have the key used to unlock it, your “Master Password.” However, this does mean that the rest of your data is only as secure as your Master Password was.įor most folks, the safest thing to do following this breach will be to change the passwords on many – if not all – of their accounts stored on LastPass. The breach gave the hackers access to customer vaults, but with encryption still turned on thankfully. When it comes to password manager security, this is essentially a worst case scenario. On December 22, 2022, LastPass announced that a major security breach had managed to expose the password vaults of users. Major LastPass security breach exposes password vaults There’s never been a better time to move to another password manager, so here are a few tips on how to do so switch from LastPass and export all of your passwords. I am posting this to help other users work around it.After first tightening down free accounts in 2021, LastPass has now confirmed a major security breach that led to hackers getting their hands on password vaults. ![]() In conclusion, the Lastpass apps export is broken. But since the Mac app is separate from the Firefox extension, I was able to get a fresh export at least. However, if I run the export again, the same bug happens. ![]() I did the export this way and it worked this time. Clearly the export through the website is broken.įinally, I downloaded the Lastpass Mac app and signed in. When I did this it sent me only a partial file! It only had about 100 records in it. This time it sent me an email, which I had to click a link. I re-did the CSV export under Advanced Options. Now the URL started with the Lastpass URL. So next, I tried going to LastPass homepage and signing in. This suggested it wasn't hitting the main Lastpass site. I noticed that when I used "Open Vault" from the Lastpass firefox extension, that my URL was prefixed with (moz-extension://.). I tried the export again, but still same issue! I logged out of Lastpass for Firefox and logged back in. I had a hypothesis now that this might have to do with some local caching and maybe a bug in the Firefox extension (another Lastpass security issue?!). ![]() I obviously don't want to have 8000 records with tons of duplicates. But this was still a major problem as I needed to get a clean CSV export to import into my new tool. This, at least, explained why my old logins/notes were still in the CSV. I had about 8K records in the latest CSV (way more than there should have been!). It was at this point I realized that it was simply appending the new exports on top of the prior ones. But having downloading like 6 CSVs to my downloads folder, I noticed the file size was getting bigger each time. They old logins/notes were still there!Īt this point, I was getting very concerned. This was obviously very concerning! Next, I went to my recently deleted (also under Advanced Options). When I ran the export again, I noticed that some of the passwords I had just deleted were still in there. I wanted to clean things up a bit before migrating to my new tool. I then went in and deleted about 100 old logins/notes I didn't need. This immediately downloaded a plain-text CSV. To start, I first went to Advanced Options -> Export. Unfortunately, I've learned of even more bugs/issues with Lastpass's export feature as I've gone through the process. In light of the recent news with Lastpass's major security breach, I'm greatly concerned (probably like many of you) and looking to migrate away. If you do it from Firefox extension or Mac app, it appends each time you run it (so even passwords you already deleted are still included.) On web (signing via Lastpass homepage), it yields only partial results. TLDR: The Lastpass export function doesn't work reliably.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |