Hacker News new | past | comments | ask | show | jobs | submit | bnmathm's comments login

I have to believe that if hackers hit the treasure trove of Lastpass customer passwords, Instagram is not going to be their first target. We'd be seeing financial fraud first and foremost, likely sparingly at first, to not alert everyone to the fact that all of our passwords are compromised.


Your probably right, but I'd assume financial attacks would be highly targeted after verifying they have the proper passwords via using places like FB that will just ignore you endlessly if your account is hacked.


> We have determined that an unauthorized party, using information obtained in the August 2022 incident, was able to gain access to certain elements of our customers’ information. Our customers’ passwords remain safely encrypted due to LastPass’s Zero Knowledge architecture.

Sure sounds like they found passwords or keys in the development environment breach back in August, and nobody bothered to change those after knowing they were hacked.


The most shocking thing for me. The real stopper for anyone who is still trying to keep their trust in LastPass.


prime-age employment available by state anywhere?


Authorize is down, status page is down,

Endicia (USPS Postage) Label Server API went down about the same time.

Perhaps something larger going on.


Digital Ocean and Nest both had incidents this morning as well.


FTA, Intel confirms? https://security-center.intel.com/advisory.aspx?intelid=INTE...


I'm pretty sure that's actually GBR - Great Britain.


It definitely is; look at the actual (hi-res) presentation: http://www.theguardian.com/world/interactive/2013/jul/31/nsa...


I'm not sure how they expect to save users' credit card details in a way that can be transferred to the airlines. Can't store the CVV code at all, and everything else is supposed to be encrypted.


They can perform a initial auth against the device with the CVV for zero dollars (depending on the interchange network), then from then on perform recurring charges without the CVV at a higher interchange fee. That shouldn't be a problem since airline tickets are higher margin, low volume, purchases.

It mostly comes down to Kayak's business agreements with Visa/Mastercard etc and the airlines involved.

Edit: additionally the article doesn't say it's built yet, so they probably have several road blocks to hit yet. On top of that, they could always ask for CVV when actually making the purchase. Not like you wouldn't have your wallet on you if you have your iPhone


Oh, so you think that Kayak will actually be charging me for the ticket -- that would be easy. I got the impression that Kayak would be storing my credit card details and automatically fill out the appropriate airline's website forms in the background... which would require storing all of my credit card details with reversible encryption.

Also, according to my processor there is no interchange fee difference for using CVV or not. There is a financial incentive for address verification, but not CVV. Maybe this varies by processor.


It certainly varies by processor, CVV is important for card not present transactions.

I think the tone the author of the article took, and the author's understanding of the technology mislead him/her to make it seem that way.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: