Neverending_Rain t1_j1gj6vr wrote on December 24, 2022 at 4:07 AM

Reply to comment by Fit-Anything8352 in The Lastpass hack was worse than the company first reported by glawgii

From what I saw in the other thread they did leak a ton of personal info and what sites the passwords were used for, which is still a huge problem.

They're not going to crack the passwords and get into the accounts, but the hackers will be able to look through all that info to find valuable targets for further phishing attacks, or blackmail targets. There is a ton that can be done just by knowing what websites someone has accounts on.

The average person will probably be fine, but this can still cause huge problems for some Lastpass users.

rob_zombie33 t1_j1gkg55 wrote on December 24, 2022 at 4:19 AM

I agree. I believe I was a target in this manner after a different hack very shortly after the company admitted it happened. They never notified me though, so when I received a call claiming to be them and knowing detailed information of my account I believed it was them. I ended the call and didn't engage further with them but noticed a lot of repeat calls from the same number. I knew then it was a scammer and the company announcement I saw led me to contact them to confirm they were not trying to reach me in any way. Be on the lookout folks and take caution with anyone trying to reach you. If they are trying to engage you about something tell them to send you something by mail or to give you a number to callback later to see what happens.

QuietlyZen t1_j1hh29x wrote on December 24, 2022 at 11:19 AM

Agree with all but the last. Never trust a number that they give you, or that shows on caller ID. Instead call a number you know to be good through other means

rob_zombie33 t1_j1hxh3h wrote on December 24, 2022 at 2:25 PM

That's a good point, you are right that it could be spoofed. In my case when I asked for a number, they said I couldn't call them back and they will call me later. The number on caller id was definitely not a number the real company used as I determined with an actual company representative. It may help in this way to identify a fraud, but yes it won't help to verify that it isn't a fraud just seeing a legitimate number.

From what I gathered, this scammer was attempting to gather enough information for an account takeover. I immediately closed the account with the company, they can fuck off for not having good security measures.

asdaaaaaaaa t1_j1hhcpf wrote on December 24, 2022 at 11:23 AM

> There is a ton that can be done just by knowing what websites someone has accounts on.

I'm waiting for that mass "oh shit" moment when the larger populace actually begins to understand how much you can do with large amounts of meta data. It's scary.