- This photographer captures airplane’s technicolor rainbow trails by CNN. Amazing photograph!
- A man was charged with fraudulently earning more than 42 million frequent-flyer miles worth $1.75 million by Business Insider.
- Citigroup stands by card strategy despite economic clouds by Reuters.
- Google Warns LastPass Users Were Exposed To ‘Last Password’ Credential Leak by Forbes. Another day, another data breach. Particularly bad when it’s a password manager.
Deals starting/expiring at the end of today or starting today (view the full deal calendar here):
- Amex Offers: Get 15% Back At Starbucks (Max $5)
- [Targeted MN, MI, IL, WI, CO, AZ & SD] TCF Bank $250 Checking Bonus – Direct Deposit Optional
Deals starting/expiring at end of tomorrow:
- SoFi: Refinance Student Loans And Get 1 Southwest Point Per $2, Up To 50,000 Points Total
- U.S. Bank $300 Online Checking Bonus
Here are some of the most popular posts from the past few days:
Am I the only one who thought the “card strategy” Citigroup stands by is “removal of all benefits” rather than “trying to find people who would get the 21 month 0 APR BT cards, as well as paying them back and continue to carry balance on the cards when the APR changes to 27%”?
Not sure which one is more risky though 😉
Man what a shame, and just when he was so close to finally collecting enough Skypesos for a First Class ticket 😉
Of course Delta values their miles at 4.16cpp when filing a lawsuit.
+1. Noticed that ridiculous mile value also.
Like others have mentioned in much more detail, this isn’t a breach. It was a flaw that was detected by a team in Google that explores security flaws and was highlighted to LastPass.
There is no evidence that this was used by a website or entities to malicious effect. Many publications are carrying sensationalized headlines for click-bait but the facts need to be highlighted.
The bug is funny because they’re named LastPass…and the last pass you used wasn’t secure. Oh, the irony.
To be clear, LastPass was not compromised. There was a bug in their browser extension which would cache the last used password, and if you went to a malicious website and clicked the LastPass icon then they could read your last password you used, using LastPass.
They already fixed it and rolled it out to everyone prior to Google making it publicly known there was a potential issue.
FTA:
“To exploit this bug, a series of actions would need to be taken by a LastPass user including filling a password with the LastPass icon, then visiting a compromised or malicious site and finally being tricked into clicking on the page several times,” Kun said, “any potential exposure due to the bug was limited to specific browsers (Chrome and Opera.)”
You’re assuming that everyone being interviewed about a potential breach is telling the whole truth all the time, always. “There’s nothing to worry about” and “the problem has since been resolved” are definitely the most diplomatic responses to avert widespread panic.
Could you imagine if a password manager HAD been breached? Oh, the scandalous irony and the earth-shattering outrage that would ensue. I imagine it’s only a matter of time, but we the end users won’t really have much say until it’s too late.
In any event, this is yet another reason why I always recommend KeePassXC or another client-side password manager over centralized, online password management services. Too much risk if you trust others with your login info.
KeePassXC versus KeePassX? I use the latter.