Security News > 2023 > January > S3 Ep116: Last straw for LastPass? Is crypto doomed? [Audio + Text]
LastPass finally admits: Those crooks who got in? They did steal your password vaults, after all.
Actually your passwords were encrypted, but the websites and the web services and an unstated list of other stuff that you stored, well, that *wasn't* encrypted.
If you don't change all your passwords, and they manage to crack your [old] master password, they've got an offline copy of your account.
You can imagine how, for things like cracking passwords, if you could do that that would be a significant advantage, wouldn't it?
The password guessing it carried around its own dictionary of 400 or so words, and it didn't have to guess *everybody's* password, just *somebody's* password on the system.
You chose to do it in a way that anybody else who got hold of that data, by fair means or foul, now or later, doesn't even have to crack the master password like they do with LastPass.