Insane to me that one of the only people in the company with the keys to the corporate vault was able to do anything work-related on a personal machine!
@ElectricGears
Жыл бұрын
Exactly, that's what upgraded LastPass's responsibility from a serious mistake to INTENTIONAL gross negligence. There is literally no excuse.
@TheJoBlackos
Жыл бұрын
It depends. We don’t know much of what happened, but if you use cloud instance for work and you keep everything on that instance you can still use your personal device to connect to that instance. Data should obviously stay on your work cloud instance but you can use any device to access it
@kpwlek
Жыл бұрын
yeah completely stupid.
@kpwlek
Жыл бұрын
@@TheJoBlackos sorry dude there is no it depends... you just do not do that..
@marcogenovesi8570
Жыл бұрын
@@TheJoBlackos if you can access the cloud instance with all your stuff on it from any device, you have fffed up. The workstations must be locked down and controlled from the IT department, you can't let any yahoo VPN on the company servers from his gaming rig
@GrassDaddy
Жыл бұрын
This just boggles my mind. They should have extreme security measures and are missing basic ones.
@wavemakersdj
Жыл бұрын
What bothers me also on this hack is the lack of better multi factor auth from lastpass dev environment. No hardware key? A yubikey being required on the vault sso login would have stopped it instead of basic auth app that someone just always says yes to. What was the lastpass response? "We'll add pin auth on the app to make it better". No, GET A HARDWARE KEY. They provide that functionality for users, why not their own devs? Blows my mind.
@misardrochemaniii
Жыл бұрын
Absolutely agree; this isn't a company that runs a music app or something; this is a password manager company. Their security should be a tier above everyone. Do the DevOps engineers need access to these keys? probably not. Hopefully, they're specific to those backups. The lack of visibility is pretty shocking. Sure, they were an engineer, but they found it hard to differentiate between malicious and normal behaviour. Still... the fact that decrypting the data in the S3 bucket that contains encrypted backups isn't something that immediately triggers an alarm is shocking.
@elksalmon84
Жыл бұрын
Just key isn't enough. It should have at least 5-factor authorization. And it shouldn't be all-in-one solution, as key could be stolen. Even if key is protected.
@yipshingho1510
Жыл бұрын
In the article, they mentioned that they did have MFA. However they got the password from the key logger, which it then was used to decipher the encrypted DB the hacker got in another incident. 2 incidents, 1 to steal the password and 1 stole the DB.
@giggadan
Жыл бұрын
I believe the discussion was that the employee was running a old version of plex on a personal computer that had access to the company logins. If the user had updated plex it wouldve patched the exploit. This made me open my eyes on port fowarding plex and other services which I've now put behind a reverse proxy to help mitigate issues.
@FlaxTheSeedOne
Жыл бұрын
A reverse proxy does not inherantly make it save or mitigate the problem. It just allows you to run more security features on the sites behind it. You still have to harden the system and keep everything up to date.
@giggadan
Жыл бұрын
@@FlaxTheSeedOne yea I keep everything updated and am running plex in a docker container so hopefully its as secure as I can get it. I could take it a step further and lockdown to whitelisted IPs but I need to see how that affects the plex app. For now it prevents a bruteforce method which is how most attacks would play out at scale.
@marcogenovesi8570
Жыл бұрын
the best way to lock down those kinds of services is to publish them on a VPN network like zerotier or Nebula (that are designed to easily "join" nodes on wildly different networks as if they were on the same virtual LAN) and install the vpn client on your devices. Keeping anything facing the internet is just bad
@misardrochemaniii
Жыл бұрын
@@giggadan IP whitelisting is good, but you can still mimic an IP address in the packet headers depending on the software - if you can't set up a tunnel or VPN, you can probably configure a password on the page using your proxy. That means if someone tries to go to your plex web page they need to authenticate with your web server first; it's not ideal - but it's a layer of security as they can't communicate with plex until they get through that first layer. Hopefully, you'd get an alert or see some dodgy logs before then.
@magicker8052
Жыл бұрын
@@marcogenovesi8570 that sounds cool
@JustinShaedo
Жыл бұрын
Imagine the irony if it was due to a password reuse.
@leerv.
Жыл бұрын
That would indeed be just too rich
@paulstubbs7678
Жыл бұрын
Or worse, done because lastpass was a pain to use in this case
@christopherjackson2157
Жыл бұрын
Its always bugged me how google and outlook try to link personal and work accounts.
@cvnis957
Жыл бұрын
This is why Privileged Access Workstations (PAW) are a thing and quite important. Administrators, IT consultants, MSP, really anyone managing systems should use dedicated management systems for sensitive tasks.
@macbitz
Жыл бұрын
The thing that gets me is that Lastpass have been very selective with the information they have released. They have not mentioned the low iteration count that many long-time users were grandfathered in to (and did not automatically correct this behind the scenes). They have also not mentioned how much data in the Lastpass blobs (vault files) was actually store without sufficient or even any encryption. They have really played down the risks involved, for example that at some point in the future, Lastpass users might start to be the victims of very specific phishing attacks.
@kofeyh
Жыл бұрын
Any business not controlling system-wide credentials in 2023 should probably read this from lastpass, and reevaluate their approach. Centralised, controlled secure location for credentials, with auditing, is sort of the bare minimum that one might expect for a company that quite literally provides that type of capability for others. Suspect this event will be exampled for a lot of security talks in future.
@AntonioPetrelli
Жыл бұрын
The real reason why people use home computer for work is because the work computer is full of suspicious tracking software, or software that comes in the way, or you need another OS, or an always on VPN that catches all the traffic. Or because the company computer is underpowered and your company won't give a new one.
@gl35
Жыл бұрын
Writing down passwords in a little paper notebook is beginning to look more secure. Back to basics.
@DanielleWhite
Жыл бұрын
This is one of many reasons I have always kept work and personal strictly separate.
@USAbLaSt
Жыл бұрын
Cloud-based password managers was the BEST IDEA EVER. 🙄
@gfynando
Жыл бұрын
That forensics is impressive that they found somewhat of the workflow. But it could have also been a VOIP phone in the home network. Not everyone/company will have 100% protection. And the use of Microsoft Authenticator that was used in the attack was just updated as the attack happened, which is kind of odd.
@elksalmon84
Жыл бұрын
Use FOSS alternatives to Microsoft and Google Authenticators. And always encrypt them as well, using biometrics.
@davinp
Жыл бұрын
LastPass should not have allowed its employee to access their vaults or sensitive data on a personal computer at home. They should have provided the employee a work laptop to take home that has up to date software and is secure. Companies and government agencies cannot provide this to personal computers
@dpn1604
Жыл бұрын
Yeah, organisations will never learn until they get brwched. And C level execs are the worst at avoiding policies!
@JustinShaedo
Жыл бұрын
So. Very. True.
@chrits3396
Жыл бұрын
After hearing this I feel glad that I made a work WiFi network that is on its own VLAN.
@eliotmansfield
Жыл бұрын
Wired vlan would be better
@JonathanTucker1ls
Жыл бұрын
If they had breached his home Plex server, they would be on the a known IP address accessing his company network, therefore no security alerts. That a good reason to use a company VPN, so it can easily be disconnected, removing the ability of the hackers to accessing the company network, from his home IP address.
@awarepenguin3376
Жыл бұрын
if anyone is still using lastpass after today's revelation then I will pray for you
@phgamer4393
Жыл бұрын
people still are. the thing is just because last pass got hacked doesn't mean onepassword or others arent also compromised. Theres not many good internal network only alternatives either (as people wanna sell you a product) so i imagine a lot of corporations are still using it.
@davidsomething4867
Жыл бұрын
I wonder how many people have left LastPass.
@oleksandrlytvyn532
Жыл бұрын
I still use LastPass. I have bought Bitwarden subscription but I'm "a little lazy" to change all the passwords and migrate over
@davidsomething4867
Жыл бұрын
@@oleksandrlytvyn532 I changed all the passwords as I migrated over to another provider, deleted all the credentials stored on LastPass and cancelled premium membership. Even created a unique email account for only use of the password manager.
@dexterwestin3747
Жыл бұрын
I'm leaving for sure but I had just my re-upped my annual subscription before this breach (silly me, thinking after their first breach they would take this much more seriously) and LP said "no refunds".
@spudgossie
Жыл бұрын
Well up till 8 minutes and 29 seconds ago I thought that repeatedly using a simple password for "ordinary" sites was ok. I was wrong. +1 subscriber
@NullStaticVoid
Жыл бұрын
I've worked for a few biotech and media companies that had more rigorous security than Lastpass. Such as the one place I worked that was part of a merger. After the merger our new NY based HQ made us kick everyone off our VPN that wasn't using a company laptop with company approved image on it. I bent the rules for one guy and we let him VPN through a backdoor kind of thing meant for other purposes. But that laptop wasn't a personal. It was an old production machine which would not take a new image due to drivers. And there wasn't budget for another 10k laptop to do the same job. We had so much segmentation there were separate laptops in edit suites to access the internet, through a VM. There was no direct internet access from our entire production network, period.
@networknightmares7744
Жыл бұрын
This was clearly a sophisticated attacker with very tailored access. Is there ANY suggestion yet as to the APT involved?
@OldePhart
Жыл бұрын
comes down to just one guy ending up destroying a company that depends on a good reputation.
@Wigglythegreat2
Жыл бұрын
The company should have access set up so that what he did isn't even possible.
@_ColdAssHonkey_
Жыл бұрын
It is probably safe to say "an EX dev-ops engineer was using his personal computer for business use."
@RK-ly5qj
Жыл бұрын
i used that example with business regarding Sec Policy [BYOD] - bring your own device, where i was opposed allowing such scenerio, where you can use your own device woring remotly ;)
@marcogenovesi8570
Жыл бұрын
BYOD is an invention of middle managers that have no idea of how security works and only see the savings of not having to buy hardware. BYOD is just bad for pretty much everything
@MrsCyImsofly
Жыл бұрын
Thank you 😊
@GabrielKozsar
Жыл бұрын
I write my passwords down into a ABC sorted notebook , if I forget the passwd i go check. Considering to buy HW key to add another layer of security. I also keep excel sheet with passwds on a encrypted storage offline to be safe. Was tempted to use LastPass or something similar but trusting somebody else prevented it. Hehe
@thelogoth
Жыл бұрын
Do we know which media software? Curious why this isn't more of a focus..can't the rest of us be hacked by the same vulnerability?
@shutthegate8232
Жыл бұрын
What a clusterf*.k. Far out. Effectively leaving many people shafted... potentially, if the miss one of the entries in their vault of a password change once they move the entire lot to another service.
@TechySpeaking
Жыл бұрын
Keep your software updated. Don't use your personal computer for work.
@-joggs-
Жыл бұрын
What is the animated desktop wallpaper in the background?
@firdausbibrahim
Жыл бұрын
Love the T-shirt! 😊
@MrKornnugget
Жыл бұрын
So I will say that I am sure some of this is due to the Covid lockdown, but to use a BYOD seems like a silly thing for LP to do. A laptop is very cheap.
@wzot
Жыл бұрын
What's the spinning globe animation(?) on the computer in the background?
@bme7491
Жыл бұрын
This is why, at least in the aerospace industry, you get fired if found doing company work on a personal resource.
@g0fvt
Жыл бұрын
As a paying customer of Lastpass the incident is worrying, with my computers I keep work and recreation to separate machines. I had heard that this was a corporate computer with Plex on it but that might not be the case. I do have 2FA set up on my Lastpass account but it is not clear whether that will help if the attackers have access to the encrypted data and can try a brute force attack. As others have previously said about this breach, it seems to be a targeted attack, but are the attackers after the data or destroying the company?
@networknightmares7744
Жыл бұрын
2FA does absolutely nothing for the security of the vault itself. It in no way makes it more difficult to decrypt once an adversary actually owns your encrypted vault.
@g0fvt
Жыл бұрын
@@networknightmares7744, I understand that but hopefully my account password is sufficient to keep them out of the encrypted hash. It has not been very helpful that the release of information has been slow, leaving customers not knowing what actions to take. Sadly it seems that customers might have had better security policies than the company.
@ptmigmag
Жыл бұрын
I would like to suggest a follow video with tips on how to configure pfsense to better secure a plex server. I believe there are a couple of ways to do this from vpn's to a simple vlan isolation with one way from lan access to manage files. As a fan of this channel i'm curious on how would you implement these security hardenings.
@LAWRENCESYSTEMS
Жыл бұрын
There is not really anything pfsnese can do extra to fix some issue that may come up with Plex. This video covers a home setup: kzitem.info/news/bejne/w6ColqajcmWmiXY
@ian230187
Жыл бұрын
Great video...A question: At 4.54, the article by Arcs tehcnica, it states that Plex reported a network intrusion on Aug 24, 12 days before the second incident commenced...Unable to understand this...Aug 24 and this Last pass incident was somewhere in feb 2023
@LAWRENCESYSTEMS
Жыл бұрын
Plex reported its own network intrusion on August 24, just 12 days after the second Lastpass incident commenced. They reported the incident on the 12th meaning it happened before then therefore could have been used.
@ian230187
Жыл бұрын
@@LAWRENCESYSTEMS thanks Lawrence for your response...my bad...this first and second incident i understand occured in last pass was in aug n nov 2022 and currently what is coming on the news are the observations by Mandiant on the RCA
@JohnDlugosz
Жыл бұрын
There are enough commercial VPNs that allow remoting to different geographical locations, so a threat actor in (say) Russia could come in from an IP address in (say) Dallas to match the geolocation of the developer he is impersonating. As for the initial issue of distinguishing threat activity from legitimate activity: If there is some suspected breach, shouldn't they immediately reset everyone's passwords?
@s2t4i6n9e
Жыл бұрын
I don't think that's what they said. I believe they only said that the access of his lastpass vault from his personal computer allowed the hackers to get access to his vault. Lastpass allows the linking of accounts: personal and business, and the mistake, I BELIEVE, that the developer made was to log into his business lastpass account from his personal computer, instead of logging into his personal lastpass account from his personal computer. If the developer had done this, the hackers would only have had access to his personal vault, but not his company's vault.
@LAWRENCESYSTEMS
Жыл бұрын
There should be no connection between your personal and business accounts.
@mikeydk
Жыл бұрын
I like LastPass, with that I will never lose any password again, all I need to do is to go online and pay someone to tell me what it was.......... ;)
@BrianMcBride-qv8gg
Жыл бұрын
how come that I learn about the December incident TODAY? WTF!!!
@blackfang441
Жыл бұрын
At this rate I might has well get a LastNotebook for my passwords. Sigh.
@larrywest42
Жыл бұрын
I think small and medium-size business users need to hold themselves to a *higher* standard than enterprise users. The latter have tools and staff monitoring for attacks, insurance, _et cetera._ And I recently saw a presentation that said most small businesses fold within six months of a successful ransomware attack.
@Turco949
Жыл бұрын
Most everyone, including the techie types worry about the security of their home or work computer where in reality, most methodical hackers use social engineering and go after online accounts. After all, that is where the noteworthy data is. All virus and malware scanners are, essentially, useless. Most people are clueless as to how much personal info they themselves share willingly on online forums, etc. A lot of people frequent multiple sites/forums where they are likely to be using the same or very similar pseudo user names thinking they are anonymous and protected. How many of your critical accounts use the same email address and password as the logon creds? Users are always the weakest link.
@errorcode1133
Жыл бұрын
Companies wanting to store real names, addresses, phone numbers, fingerprints and bottom prints without any real need for that should be out of business and problem solved. Any automatic payments should be initiated by the bank, so there is no need for data to be collected.
@TheAyrrow
Жыл бұрын
Completely newbie question here re a media server - I've been running jellyfin and a few other small utilities and I'm about to rebuild my homelab. I want to ensure it's locked down, it's only remotely accessible over zerotier & each device on LAN is firewalled - should I put the server on its own VLAN and only allow outgoing established/related?
@JustinShaedo
Жыл бұрын
1) Probably better to ask this in forums. 2) I'm no Lawrence, but depending on your access requirements, go ahead, why not?
@Pabula
Жыл бұрын
Do you still don’t recommend lastpass?
@LAWRENCESYSTEMS
Жыл бұрын
Nope
@kc0eks
Жыл бұрын
Somewhere else the media software mentioned was Plex
@Onii-chans-neko
Жыл бұрын
This is probably a stupid question. I use lastpass, but my yubikey is required to login on it and google and all that, i havn't changed my lastpass password since mentioned data breach >.> how big of a priority is it for me to change my lastpass master password? edit - i looked at the security bullatin and according to their questions, i shouldn't need to change mine (from my understanding of it)
@FlaxTheSeedOne
Жыл бұрын
You need to change all passwords stored in your Vault. The attackers exported a copy of the vault with all the hashes inside of it. So they basically have unlimited time and ressources to crack the hashes and passwords, or inject it into logins on different sites. Thus you need to change everything
@pbrigham
Жыл бұрын
If this guy have been using yubikeys LastPass will never have been hacked, you should change yours password NOW anyway.
@davidsomething4867
Жыл бұрын
You need to change all passwords in your vault as a first priority and ensure you use MFA on all the passwords (hardware token where possible). Change the master password to at least 21 characters strong password (or strong passphrase that only makes sense to you and include special characters) and check iterations. Beware of any suspicious emails potentially phishing that could be using info found in the vault or other info such as IP addresses accessing the vault.
@GrassDaddy
Жыл бұрын
This is only one of many issues they've had. Their lack of seriousness for security had me change password providers and change all my passwords.
@marcogenovesi8570
Жыл бұрын
change provider alltogether
@sijumathew7039
Жыл бұрын
It's not one red flag, it's multiple 1. Obviously, why allow to access work stuff from where he put his media software 2. How could 4 people get access without any cross check or authorisation 3. Was there no controls on aWs for ip restrictions for the corporate VPN? Just shocking 4. Why an access to S3 bucket and data out isn't red flagged immediately? That's just beyond stupidity 5. Why let any employee access S3 buckets with customer data 6. Why keep aws Access keys in a vault that he log in regularly (assume) I do respect the hacker for finding the vulnerability, which was LastPass idiocy. It was no technical challenge. This employee and this organization deserve no respect.
@andybradford6969
Жыл бұрын
I love darknet diaries!
@allbymyself85
Жыл бұрын
Maybe it's time to look at other solutions. Open source perhaps. I pay the premium for peace of mind but is it really worthy?
@LAWRENCESYSTEMS
Жыл бұрын
We use Bitwarden
@magicker8052
Жыл бұрын
Our plesk server got ransom wared.. as if I am going to cash for old episodes of the wire.
@elksalmon84
Жыл бұрын
There are types of "administrators" and "developers" that do not even have own computer. Look at all those video - one day of Twitter developer, one day of Microsoft developer etc. Sneaky toady guys that will squeeze themselves everywhere. They have no any technical experience or any technical way of thinking. And it's a plague of modern software development sector. As uneducated managers and headhunters prefer to hire communicable and sociable guys rather than real professionals. As of here, it's amazing how they have remote full access to production vault... It should be administered only from within.
@networknightmares7744
Жыл бұрын
If I were responsible for something with such a big target painted on it, I'd have my devs (and everyone else) using Qubes. Partition, partition, partition!
@PowerUsr1
Жыл бұрын
Well you mentioned it’s possible the user had a vpn client on his personal machine that allowed him to hit company assets over vpn. How do you lock down what devices can use the company vpn application? HIP checks for example aren’t supported in OpenVPN
@bmanwpg
Жыл бұрын
Certificates, MDM, HIP... Many ways to control what devices can connect to VPN.
@PowerUsr1
Жыл бұрын
@@bmanwpg If I’m using OpenVPN, HIP checks aren’t support as far as I can tell. How does MDM prevent an install on a personal computer?
@VilmaHallikas
Жыл бұрын
machine account certificates
@marcogenovesi8570
Жыл бұрын
keys or certificates on the businness PC where the user is NOT admin user so he cannot just copy them over to his home PC. If the user needs to do stuff where he needs admin or root access to a windows or linux system, you give them a VM instead than increasing their privileges. The workstation must be locked down and the user must NOT be admin on it, period.
@PowerUsr1
Жыл бұрын
@@marcogenovesi8570 so ideally I would use an external auth system + user certs. The certs will only be loaded into company assets. How’s that ?
@phgamer4393
Жыл бұрын
guard duty is too noisy at least when i tried it 4 years ago.
@alpachino468
Жыл бұрын
I imagine that dev was torn an infinite amount of new ones that day...
@CORPOR-iThomasKorb
Жыл бұрын
Hey Tommy from another Tommy
@LAWRENCESYSTEMS
Жыл бұрын
It's a good name
@PudgyCurmudgeon
Жыл бұрын
@@LAWRENCESYSTEMS It is such a good name that they even named a gun after it. 😁
@hasyidanparamananda
Жыл бұрын
I'm a user, should I move but I think it will be took so long times to move all of it... If I don't want to move what should I do? Do they get password inside account or only master account???
@MarcosRobertoDosSantosJF
Жыл бұрын
Move to Bitwarden, and change all your passwords. Use MFA if it is possible (not only for your Bitwarden account, but for everything).
@hasyidanparamananda
Жыл бұрын
@@MarcosRobertoDosSantosJF Ty for answer what is MFA? Do you mean 2FA like OTP etc? Oh yeah I forgot 1, After I move and change some password on important thing, what should I do with my LassPass? Change My Hardest Master Password and Leave it?
@MarcosRobertoDosSantosJF
Жыл бұрын
@@hasyidanparamananda Yes, sometimes 2FA is called as MFA (multiple factor authentication). Another tip is checking services that allow you to see and log out previous devices (like Apple ID, Google account and similar ones), so you can be sure that every device is kick out, and will need a new auth again. Lastpass allow for you to erase your account? I would change the master password before cancelling everything from them.
@michaelhall8529
Жыл бұрын
I was a LastPass customer since 2014 and I switched to 1Password. In the process, I changed the master password and changed every stored password to longer and more random passwords (i.e. from 12 characters to 19-24 characters). It took my wife and I about 1 1/2 days to make all the changes, but I feel MUCH more secure now. There are many problems with LastPass' security. 1) Changing the iteration count from 100100 to 600000 only SLOWS the cracking of the master password down, it doesn't stop it. 2) 600000 iterations stopped me from logging into LP from my mobile (S22 Ultra). 3) Nowadays, you need longer passwords (i.e. 15+) for security, but LP only encouraged 12-character passwords. 4) The MFA/2FA is only needed to download your vault. Once they have your vault, they have unlimited attempts to "unhash" your master password and open your vault - giving them access to EVERY account you have stored. With 1Password, I have a 32-character "secret key" that never leaves my device(s) but is needed to decrypt my passwords. A 20+ master password and a 32-character secret key moves the decrypting goalpost almost into the impossible realm, IMO.
@phgamer4393
Жыл бұрын
its possible the home network got compromised and attacked the work pc. most people still use the same network for work/home .
@TheJoBlackos
Жыл бұрын
There are lots of missing parts, but there is a way you can still use any device to connect to the company and still be compliant. The question is more: “Did the company had everything required to let the employees connect from any device “
@RBzee112
Жыл бұрын
The exploit would probably need to be on the same PC to gain admin access to the file system or load a key logger.
@hardlifting150
Жыл бұрын
Should have used a password manager 😂
@KeithOlson0326
Жыл бұрын
I wonder if it was a plex client and not the server
@nid274
Жыл бұрын
lastpass is an unnecessary bloatware when you have Google passwords....its probably a school project made into production and no wonder why many services enforce 2fa...
@gf2172
Жыл бұрын
As soon as they were bought out, then raised prices, should have turned everyone off lastpass immediately...
@TheJoBlackos
Жыл бұрын
It is weird to train cloud technology and being told the days of trust zones belongs to the past. Identity they say is the new thing we use to authenticate and authorize they say. Also, not sure what “zero trust” is…
@marcogenovesi8570
Жыл бұрын
zero trust is bs marketing. If you hear it, run
@davidpeters7447
Жыл бұрын
Zero trust is a buzzword and does not exist. Basically people are trusting “zero trust.” So how can it be “zero trust”
@TheJoBlackos
Жыл бұрын
@@davidpeters7447 I see what you try to point out, by the end of the day you are right, we do need to trust something to let you access the data. But the concept is going also way further than the authentication and authorization, that’s why I think it brings something better than we hat before it
@EndOfLineTech
Жыл бұрын
And that’s why bitwarden kids. And any major breach of a company like this that has everything on you? They should just close up shop
@damiendye6623
Жыл бұрын
at this point Lawrance it's to the point lastpass is pointless and more a liability than a security tool. they clearly have issues with process and real understanding of security processes and am glad I had already moved away with the 1 device nonse
@itstheweirdguy
Жыл бұрын
My understanding from reading the CVE from Plex shows that the attacker probably already had access to the dev ops computer and realized they were hosting plex with a vulnerable server version and hijacked the plex software to load a key logger. They must not pay a lot at LastPass if the dev needs to download illegal movies and tv shows and host them on their computer
@kristiannilsson494
Жыл бұрын
Newer trust this type of service WTA amateur service
@massgrave8x
Жыл бұрын
Thank god I left LastPass long ago after they killed multi-device usage for the free tier. Good riddance.
@kethahel99
Жыл бұрын
😂 "third party media software package" = a bit torrent client?
@Starcom70
Жыл бұрын
You don’t know if they were mixing their personal life with their business life they could’ve been just working from home. Maybe they had Covid or something. Just saying you’re making assumptions.
@LAWRENCESYSTEMS
Жыл бұрын
Plex is not a business app and working from home is not about using what ever computer is available, it's about using properly secured company devices. And those devices should be very locked down and monitored by the company.
@TechySpeaking
Жыл бұрын
first
@gcraig0001
Жыл бұрын
The LP blog didn't mention what action they took relative to the idiot who caused this. I would hope they had enough sense to fire him or her. There is no excuse for a supposedly qualified senior engineer to make this kind of mistake. Last Pass has a history of breeches caused by their own mistakes. Things didn't get any better when they were bought out, and I'll be surprised if this event will cause them to truly fix their deep rooted issues.
@MrSammy2043
Жыл бұрын
comment
@kamiidn6018
Жыл бұрын
😡😡😡😳😡😡😡😡😡😡
@kamiidn6018
Жыл бұрын
😂😂😂😂😂😂😂😡😭
@mitchellquartero
Жыл бұрын
I just left LastPass to move to 1Password last month
Пікірлер: 169