
Alert for LastPass Users, The Breach in August was Worse Than Expected

scottyseng

Summary

 

In the previously mentioned breach in August, LastPass said that encrypted data was downloaded but remained secure. However, this recent update states that the breach is worse than expected, as threat actors can brute-force decrypt the copied backup vaults that were removed from LastPass's secured cloud containers. LastPass is advising users to reset and update all passwords, especially the master password.

 

Quotes


"The threat actor may attempt to use brute force to guess your master password and decrypt the copies of vault data they took. Because of the hashing and encryption methods we use to protect our customers, it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices."

 

My thoughts

As a LastPass user myself, this is quite unsettling news compared to the original news about the breach back in August. I'll be resetting and moving all of my passwords to Bitwarden. I was already in the process of doing so, but with this recent update I'll have to rush that process. This is mainly a warning to any fellow LastPass users like myself, or even former users, to start changing passwords immediately.

 

Sources

https://arstechnica.com/information-technology/2022/12/lastpass-says-hackers-have-obtained-vault-data-and-a-wealth-of-customer-info/

 

https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/


That's gotta suck major for everyone involved. Imagine buying a product as a solution to a problem (not remembering passwords, reusing old ones, weak passwords, etc.) only to have all that thwarted by some hack. I'm lucky that I can just use the remember-passwords feature in Firefox, but I also write them down with pen and paper and store that in my fire safe. Maybe old-fashioned ways aren't so obsolete.


Just now, Arika S said:

i'm glad they got rid of the free tier, because now i have something better...no way i was going to pay for that shit.

They didn't get rid of the free tier. They just nerfed the free tier so you could only use Lastpass on either desktop or mobile, not both.


Just now, Spotty said:

They didn't get rid of the free tier. They just nerfed the free tier so you could only use Lastpass on either desktop or mobile, not both.

that's kind of worse than just getting rid of it completely.


Is this so bad though? Particularly considering the master password would have to be compromised first, in which case it's no different to logging into your account through brute force to begin with (excluding 2FA, which isn't required on all accounts). Along with the above, the brute forcing would have to be done on a case-by-case basis.

 

I'll be honest, I'm not concerned even though I use LastPass.


19 minutes ago, RedSpade said:

Is this so bad though? Particularly considering the master password would have to be compromised first, in which case it's no different to logging into your account through brute force to begin with (excluding 2FA which isn't required on all accounts). Along with the above the brute forcing would have to be done on a case by case basis.

 

I'll be honest, I'm not concerned even though I use LastPass.

Not that I'd ever use LastPass willingly, but I do think people are blowing this out of proportion; if you can brute force the master password, of course you have access.


54 minutes ago, Spotty said:

They didn't get rid of the free tier. They just nerfed the free tier so you could only use Lastpass on either desktop or mobile, not both.

 

52 minutes ago, Arika S said:

that's kind of worse than just getting rid of it completely.

This is why I switched my PW manager from LastPass to Kaspersky Password Manager and deleted my LastPass account like 2 months ago.


Thankful I switched from LastPass to Bitwarden a few months before this happened. Seems like I dodged a bullet.


3 hours ago, scottyseng said:

As a Lastpass user myself, this is quite unsettling news compared to the original news about the breach back in August

Honestly from the news I read back in August I thought the concept of changing your password was already something that you should do.

 

With that said, as long as you used a sufficiently strong master password it's not like you have too much to really worry about.


Just now, wanderingfool2 said:

Honestly from the news I read back in August I thought the concept of changing your password was already something that you should do.

 

With that said, as long as you used a sufficiently strong master password it's not like you have too much to really worry about.

I'll admit fault on my part in hoping not to have to reset 200+ accounts. I had a reasonable master password, but it's not very comforting knowing the databases are out there. Currently having fun slowly migrating to Bitwarden Family.


5 hours ago, RedSpade said:

Is this so bad though? Particularly considering the master password would have to be compromised first, in which case it's no different to logging into your account through brute force to begin with (excluding 2FA which isn't required on all accounts). Along with the above the brute forcing would have to be done on a case by case basis.

 

I'll be honest, I'm not concerned even though I use LastPass.

It's faster than brute-forcing the live login, because they won't get a "you entered the wrong password too many times, so we won't let you try again for X minutes" timeout working on a local file.


16 minutes ago, Needfuldoer said:

It's faster than brute-forcing the live login, because they won't get a "you entered the wrong password too many times, so we won't let you try again for X minutes" timeout working on a local file.

Depending on how strong the master password is, we're still talking a significant percentage of the age of the universe.

Though people with weak passwords should probably be sweating.


tfw the unencrypted .txt document on my desktop full of my passwords is more secure than a million dollar "secure your passwords" company lol

I've always felt that password managers are partial snake oil tbh, just like VPNs. Both are coincidentally marketed to and bought by the same crowd.


Must admit I'm wondering where to go from here. I get a free LastPass Family membership through my employer and have been preparing to onboard the rest of my family, but now I'm wondering if it's smart to continue. I'm waiting for the "actually we stored some of your passwords in plaintext by accident" email...


37 minutes ago, Zodiark1593 said:

Depending on how strong the master password is, we're still talking a significant percentage of the age of the universe.

Though people with weak passwords should probably be sweating.

IDK man, depends on what hardware the hackers have available. Apparently the 4090 is a password demolishing beast, and I doubt most people have one of those Mr. Robot "abtbgo23i2nG*&GF(*ASFUoiAHF908a()Ad" passwords. According to this video, one 4090 can crack an 8 character Windows NTLM password consisting of uppercase, lowercase, numbers, and special characters in 40 minutes. I don't know enough to say how impressive that is or isn't, but when it's still a challenge to get people to make their password something stronger than "Football1" it doesn't bode well.


This is why I use KeePass. I trust having the database local, in my possession, far more than in the cloud. Years ago, when I first started using password managers, I first tried LastPass (or possibly 1Password, so long ago I don't remember for sure) and of course, almost right after setting it up and adding my passwords, they had a breach. That's when I decided I wasn't doing that anymore.

 

5 minutes ago, SeriousDad69 said:

IDK man, depends on what hardware the hackers have available. Apparently the 4090 is a password demolishing beast, and I doubt most people have one of those Mr. Robot "abtbgo23i2nG*&GF(*ASFUoiAHF908a()Ad" passwords. According to Chick3nman on Github, one 4090 can crack an 8 character Windows NTLM password consisting of uppercase, lowercase, numbers, and special characters in 40 minutes or less. I don't know enough to say how impressive that is or isn't, but when it's still a challenge to get people to make their password something stronger than "Football1" it doesn't bode well.

Every additional character makes it exponentially harder, though. An 8-character password hasn't been overly challenging for a while now. A 16-character password would likely still take a 4090 far longer to crack than it would be worth. Anything past probably 20-characters, good luck. My master password is >40 characters PLUS I use a keyfile for good measure. Unfortunately, many (most?) people are far too careless and lazy with their passwords. Most people don't even use a password manager at all.

 

1 hour ago, Needfuldoer said:

It's faster than brute-forcing the live login, because they won't get a "you entered the wrong password too many times, so we won't let you try again for X minutes" timeout working on a local file.

I could be wrong, but I seem to recall it also allows them to bypass 2FA somehow. Might be misremembering and mixing that up with something else, though.


6 minutes ago, vertigo220 said:

Every additional character makes it exponentially harder, though. An 8-character password hasn't been overly challenging for a while now. A 16-character password would likely still take a 4090 far longer to crack than it would be worth. Anything past probably 20-characters, good luck. My master password is >40 characters PLUS I use a keyfile for good measure. Unfortunately, many (most?) people are far too careless and lazy with their passwords. Most people don't even use a password manager at all.

 

Password Strength


58 minutes ago, SeriousDad69 said:

IDK man, depends on what hardware the hackers have available. Apparently the 4090 is a password demolishing beast, and I doubt most people have one of those Mr. Robot "abtbgo23i2nG*&GF(*ASFUoiAHF908a()Ad" passwords. According to this video, one 4090 can crack an 8 character Windows NTLM password consisting of uppercase, lowercase, numbers, and special characters in 40 minutes. I don't know enough to say how impressive that is or isn't, but when it's still a challenge to get people to make their password something stronger than "Football1" it doesn't bode well.

I've been at 15-17 character passwords for some time. While adding more GPUs provides a linear increase in performance per, adding additional characters increases the number of possibilities by an exponential amount. With 96 characters to choose from, an 8 character password contains in excess of 7 quadrillion possibilities. Adding a single character to that increases the possible combinations to nearly 700 quadrillion. A near 100-fold increase in potential crack time for the addition of one character. At 10 characters, we're at about 66 sextillion possibilities. You can see where this goes from here.

 

To be fair, a single card being able to run through multiple quadrillions of potential passwords in under an hour is still extremely impressive. Just that it's not going to best the power of exponents anytime soon.

 

And as you've said, for a lot of users, their passwords are unlikely to require RTX 4090 performance to guess anyway.


Didn't we use to have a thread about the data breach? I am looking for it right now because I talked about the implications of someone obtaining the database. But the thread seems completely gone. Did some mod delete it?

 

Anyway, how big of an issue this is depends on a few things.

1) How strong your master password is.

2) The specifics of how LastPass has implemented their cryptography.

 

 

I am really not a fan of how silent LastPass seems to be about how their service works and what has happened. For example, they mention that some parts of the database are not encrypted at all, and that the hackers have obtained that, but they don't say which parts aren't encrypted beyond the URLs not being encrypted. That is a pretty massive oversight if you ask me. I don't really get why they wouldn't encrypt everything.

 

 

I couldn't find anything about whether or not the unencrypted information can be used to tie a database to someone. If, for example, the email address used to log in is part of the unencrypted fields, then all of a sudden the attacker can search for email addresses and see all websites that person has saved credentials for. It also makes a targeted attack very likely.

Is the master password hint/reminder part of the unencrypted fields?

 

Also, why did it take them about 4 months to announce this?

 

 

 

My recommendation to everyone is to change your passwords (all of them) and, if you are a paying LastPass customer, migrate to BitWarden. They seem more open and don't lock basic features behind a paywall.

 

 

 

Edit: I tried to look at their security audit to try and find details about their format, but it seems to me like they don't actually do security audits of their code.

The security audits they publish on their website are about their organisation. Their audits do not seem to actually inspect the code and look for vulnerabilities, but rather look at things like "are employees allowed to make changes to the code at will", "does the office have locks on the doors", "do different employees have different privileges". Those are all good things to check, but I don't think that's what people expect when they hear that LastPass has third-party security audits.

 

Here is the latest LastPass audit.

 

Here are the audits BitWarden does, for contrast. They also have a SOC 3 compliance report (since those things are important), but in addition to that they have reports such as their security assessment and network security assessment reports, where a third-party firm actually looks at the source code (and network), tries to exploit it and then presents the findings in a transparent report. It actually lists the vulnerabilities found, whether they were fixed and the code for the fix (in the cases where that was needed).

I think that's what customers think of when they hear "third-party security audit".


I just use the Google password manager built into Android and Chrome.

Might as well give all my data to one company rather than spreading it out!


6 hours ago, Needfuldoer said:

 

Password Strength

 

5 hours ago, vertigo220 said:

Isn't that calculation actually wrong?

Like, what's 28/44 "bits of entropy"?

The first password "Tr0ub4dor&3" has 11 characters which are upper/lower case, numbers and special characters, so it chooses from ~80 different characters.

The second one "correct horse battery staple", while having 28 characters, only chooses from 27 possible characters (lower case alphabet + " ").

That means the first password has 80^11 possible combinations while the second has 27^28.

Not taking dictionary attacks into consideration, 27^28 is still a much higher number, but at the suggested 1000 tries/s, 80^11 still takes around 27 billion years to brute-force and not 3 days.

Am I wrong or is the comic wrong? 😄

 


6 hours ago, SeriousDad69 said:

According to this video, one 4090 can crack an 8 character Windows NTLM password consisting of uppercase, lowercase, numbers, and special characters in 40 minutes.

Thing is, passwords scale exponentially. Even adding in an additional 2 lowercase letters would add a complexity of 676x. If you mix caps and upper still, it's 2704x.

The recommended password length now is also 14-16 characters. So even naively assuming lowercase/uppercase letters for the additional 6 characters, that's 19,770,609,664x. If you had 100,000 4090s it would still take 15 years.


2 hours ago, FloRolf said:

 

Isn't that calculation actually wrong?

Like, what's 28/44 "bits of entropy"?

The first password "Tr0ub4dor&3" has 11 characters which are upper/lower case, numbers and special characters, so it chooses from ~80 different characters.

The second one "correct horse battery staple", while having 28 characters, only chooses from 27 possible characters (lower case alphabet + " ").

That means the first password has 80^11 possible combinations while the second has 27^28.

Not taking dictionary attacks into consideration, 27^28 is still a much higher number, but at the suggested 1000 tries/s, 80^11 still takes around 27 billion years to brute-force and not 3 days.

Am I wrong or is the comic wrong? 😄

 

Not sure about the calculations. The point of the comic is that even with lower entropy, a random password is still better, because entropy isn't even actually applicable when brute-forcing passwords: a dictionary attack will be used, since anything else simply takes too long on a password of decent length. It's like saying a password that can be guessed by dictionary attack in a couple of days but takes 1,000,000,000 years to brute-force is better than a password that "only" takes 100,000 years to brute-force but can't be guessed with a dictionary attack, when a dictionary attack is what will be used.
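The keyspace arithmetic running through this thread (the 96-symbol figures, the 4090 "8 characters in 40 minutes" extrapolation, FloRolf's 80^11 vs 27^28 question and vertigo220's point that the comic counts the generation pattern rather than the characters) can be checked in one small calculator. This is an added example written for this page, not code from the thread or from LastPass; it assumes the comic's 1000 guesses/s and its 2^28 / 2^44 pattern figures, a 2048-word list, and perfectly linear scaling across GPUs.

```python
import math

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY


def keyspace(alphabet_size: int, length: int) -> int:
    """Distinct passwords when every position is chosen uniformly from the alphabet."""
    return alphabet_size ** length


def entropy_bits(candidates: int) -> float:
    """Bits of entropy for a password chosen uniformly from `candidates` possibilities."""
    return math.log2(candidates)


def search_seconds(candidates: int, guesses_per_second: float, expected: bool = False) -> float:
    """Seconds to try every candidate; expected=True gives the average case (half the space)."""
    work = candidates / 2 if expected else candidates
    return work / guesses_per_second


def length_multiplier(alphabet_size: int, extra_chars: int) -> int:
    """Factor by which the keyspace grows when `extra_chars` positions are appended."""
    return alphabet_size ** extra_chars


def xkcd_comparison(guesses_per_second: float = 1000.0) -> dict:
    """Two models of the same two passwords at the comic's assumed 1000 guesses/s.

    Character model: the attacker knows nothing and enumerates every string of
    that length over that alphabet (FloRolf's 80^11 and 27^28).
    Pattern model: the attacker knows how the password was built (dictionary
    word plus substitutions, or four common words) and enumerates only that
    pattern, which is what the comic's 28- and 44-bit figures describe.
    The 2^28 and 2^44 values are the comic's figures, assumed here, not derived."""
    char_troubadour = keyspace(80, 11)   # "Tr0ub4dor&3": 11 chars from ~80 symbols
    char_passphrase = keyspace(27, 28)   # "correct horse battery staple": 28 chars, a-z + space
    pat_troubadour = 2 ** 28             # comic: word + caps/substitution/suffix choices
    pat_passphrase = 2 ** 44             # comic: 4 words from a ~2048-word (11-bit) list
    return {
        "troubadour_char_model_years": search_seconds(char_troubadour, guesses_per_second) / SECONDS_PER_YEAR,
        "troubadour_pattern_model_days": search_seconds(pat_troubadour, guesses_per_second) / SECONDS_PER_DAY,
        "passphrase_char_model_bits": entropy_bits(char_passphrase),
        "passphrase_pattern_model_years": search_seconds(pat_passphrase, guesses_per_second) / SECONDS_PER_YEAR,
    }


def gpu_farm_years(alphabet_size: int = 96, base_length: int = 8, base_minutes: float = 40.0,
                   extra_chars: int = 6, extra_alphabet: int = 52, gpus: int = 100_000) -> float:
    """Extrapolate from 'one GPU clears an 8-char, 96-symbol space in 40 minutes' to a
    longer password and a farm of GPUs (assumes perfectly linear scaling across GPUs)."""
    per_gpu_rate = keyspace(alphabet_size, base_length) / (base_minutes * 60)
    longer_space = keyspace(alphabet_size, base_length) * length_multiplier(extra_alphabet, extra_chars)
    return search_seconds(longer_space, per_gpu_rate * gpus) / SECONDS_PER_YEAR


if __name__ == "__main__":
    for n in (8, 9, 10):
        space = keyspace(96, n)
        print(f"{n} chars over 96 symbols: {space:.3g} candidates, {entropy_bits(space):.1f} bits")
    print(xkcd_comparison())
    print(f"14-char password, 100k GPUs: {gpu_farm_years():.1f} years")
```

Both models are consistent with their own assumptions: the character model reproduces the 27-billion-year figure, while the pattern model reproduces the comic's 3 days and ~550 years, which is why the comic's entropy numbers only make sense once the attacker is assumed to know the generation scheme.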
