this post was submitted on 23 Jun 2026
51 points (98.1% liked)

Technology

85651 readers
3864 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
51
LastPass confirms data breach in Klue supply chain attack (www.bleepingcomputer.com)
submitted 2 hours ago by WhatsHerBucket@lemmy.world to c/technology@lemmy.world
11 comments fedilink hide all child comments
top 11 comments
sorted by: hot top controversial new old
[–] mereo@piefed.ca 4 points 49 minutes ago

I selfhost Vaultwarden on my server. I use the Bitwarden client to access my passwords.

[–] Prove_your_argument@piefed.social 19 points 2 hours ago (1 children)

At least it's just salesforce data and not actual vaults and secrets.

I moved away from these guys a long, long time ago when they started upping subscription costs.

[–] spaghettiwestern@sh.itjust.works 9 points 2 hours ago (1 children)

When Logmein acquired LastPass in 2015 I moved to Keepass and haven't looked back. If the word enshittification existed back then it would have applied perfectly.

[–] Prove_your_argument@piefed.social 10 points 2 hours ago (3 children)

I went with bitwarden and signs are pointing to them going to shit now.

Maybe it's time for me to keep ass.

[–] Jagget@programming.dev 6 points 2 hours ago

keep ass with keepass

[–] WindyRebel@lemmy.world 2 points 1 hour ago

What signs are pointing to them going to shit? I don’t exactly keep up on this stuff, but I use their product and it is perfectly fine for me.

[–] spaghettiwestern@sh.itjust.works 2 points 2 hours ago

Keepass & Syncthing has worked for years without an issue, even though my DB is opened on multiple devices at once. It is rare (once or twice a year) that I have a minor, easily solved sync problem.

[–] Faceman2K23@discuss.tchncs.de 5 points 1 hour ago

Haven't used Lastpass since the logmein deal rubbed me the wrong way, went to dashlane for many years but they had some security scares just recently. now I self host Vaultwarden, which is a bitwarden compatable server.

for maximum security I could have it local only and connect to it via VPN directly, but I put it behind nginx, with SSL, fail2ban with only my IPs whitelisted and a geofilter on top of that. so even if someone did manage to make it to the login page of the admin panel, they'd need a 30 digit passphrase and an email address username that only exists for that one application, get it wrong once and you are blacklisted.

[–] one_old_coder@piefed.social 15 points 2 hours ago

Again? It happens a lot to them.

[–] adarza@piefed.ca 4 points 1 hour ago

lastpass is already on my 'stay far away from' list, and have been on it for years:

https://en.wikipedia.org/wiki/LastPass#Security_incidents

[–] WhatsHerBucket@lemmy.world 8 points 2 hours ago

The Klue supply chain attack was claimed by the Icarus extortion group, who compromised the infrastructure of the AI-powered market intelligence platform and stole OAuth tokens that connected customers' Salesforce environments.

At least someone is finding good use for AI lol