Viewing a single comment thread. View all comments

sometimesome t1_j1h8nyu wrote

Oh man i feel so stupid right now. I have so many questions. I had a few reset emails come at me while reading about this. Already moved to a different cloud based one that doesn’t get hacked every year. At first i thought ok they got hacked a few years back now they will double down on security- so they will be safer than the ones that didnt get hacked. 🙃

Alright my 2 questions to help me take better action. Hope someone can help, this may help others going through this right now too

  1. Silly obvious question but i need to ask it to be super sure: when you say they have the vault offline does this mean my new masterpassword online and some important ones that i have now deleted from my online vault, will not stop them from from accessing my old offline vault with the old password with the now deleted entries as well?

  2. Within a password file i would keep important private notes, not a secure note, but the field within a password entry, i cant find if this field was encrypted or was it fully visible too in the hack?

4

HanaBothWays t1_j1hkhwk wrote

> Already moved to a different cloud based one that doesn’t get hacked every year.

Respectfully, you don’t know how often they get hacked, they probably just Don’t disclose it the same way. But any password vault provider is gonna be an attractive target for hackers.

5

sometimesome t1_j1hlyhf wrote

Yes youre absolutely right, just know a few people that use 1password service with apple watch 2fa, and dont have time today of all days to figure out which self service to choose, how to setup and keep secure etc. but long term definitely need to do so

1

Gaspar099 t1_j1i6td7 wrote

>Within a password file i would keep important private notes, not a secure note, but the field within a password entry, i cant find if this field was encrypted or was it fully visible too in the hack?

On Last pass website, they are telling:
"LastPass Secure Notes is your personal Fort Knox notes app. Just like your Password Vault, Secure Notes is encrypted at the device-level, meaning personal data – Wi-Fi passcode, credit card info, password hints, and more – is protected from anyone who isn't you."

Meaning they are encrypted as well.

2

billsonbobq2q t1_j1jbze9 wrote

>will not stop them from from accessing my old offline vault with the old password with the now deleted entries as well?

Correct. They have a backup from months ago. While changing your master pw is a good idea, it doesn't remove what's already been taken.

>Within a password file i would keep important private notes, not a secure note, but the field within a password entry,

Everything I've read says the notes fields were encrypted. The URL field was exposed, as well as your name and email attached to your specific vault file.

2