More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

  • DrCake@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    ·
    1 year ago

    I’m not 100% but I think Bitwarden actual encrypt the entire ‘password object’. So the url, username, password, and any notes. Lastpass didn’t/doesn’t encrypt the url so if anyone gets access to the vault, they have a list of websites where the person will have an account and can more accurately send phishing emails.

    • Fushuan [he/him]@lemm.ee
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      It encrypts the entire vault iirc, not the objects themselves. The only thing a breach cound gain access to is the encrypted vault, the hashed master password and the master email.