The best Hacker News stories from All from the past week

Latest posts:

Ask HN: How did my LastPass master password get leaked?

Hi,

I've just had a bizarre thing happen and wanted to see if the HN community could come up with some theories as to what happened.

LastPass blocked a login attempt from Brazil (it wasn't me). According to an email I received from LastPass, this login was using the LastPass account's master password. The email doesn't look like it's a phishing attempt.

What troubles me is that the master password was stored in a local encrypted KeePassX file.

I can imagine that someone has my KeePassX file and the (completely different) password to this file. If that's the case, I'm in a world of hurt.

But are there any other possibilities? Is the email from LastPass accurate i.e. was the login attempt actually using my master password? Is there some LastPass extension installed on some computer still having a valid auth token allowing them to login as me to LastPass..?

I'm really confused, and scared.

Thanks for your help.

P.S. The LastPass account had 2FA set up, but I was able to simply remove it (since I didn't have access to the token anymore). That's scary too -- what's the point of a 2FA you can remove...??

---

Update:

- the email was truly not phishing -- the same information regarding the login attempt appears in my LastPass dashboard. I also talked to LastPass support over the phone, and they confirmed seeing the same information.

- There are 2 separate users in the thread below confirming that the exact same thing happened to them, from the exact same IP range as me.

Either the 3 of us had the same malware/Chrome extension or somehow had our master passwords compromised...? Or...? Is this a LastPass issue?

Ask HN: What is your spiritual practice?

Your day-to-day one?

You block ads in your browser, why not in your city?

Tell HN: You are not alone this Christmas

Hi, my Christmas is solitary this year, no family or friends. I'm not even having a Christmas dinner. I'm not sad about this, though. It's just the way it is. What I wanted to say is, if you are in the same situation, you are not alone. So have a virtual hug from me.

Microsoft forked MIT licensed repo and changed the copyright [fixed]

Ask HN: What's the best book you read in 2021?

Yearly thread. It can be books published in 2021 or in previous years (but that you read this year.)

Running your own email is increasingly an artisanal choice, not a practical one

Wish HN: Happy Holidays

Ask HN: Those making $500/month on side projects in 2021 – Show and tell

It seems this question hasn't been asked for some time, so I'd be interested to hear what new (and old) ideas have come up.

Tinder just permabanned me or the problem with big tech

Regulators Shut Down Lending Platform (YC Alum) LendUp

Tell HN: AWS appears to be down again

Console is flickering between "website is unavailable" and being up for my team. This is happening very frequently just now, reliability seems to have taken a hit.

Stealth bomber in flight on Google Maps
