Cyber Actor used fake LastPass death claims to get password from customers

[fullfitlarry]

For those who are using LastPass, there is a new threat campaign against you thru phishing email. It contains email telling that a family member is requesting access to their LastPass vault by uploading a death cert.



What to do:

• If you receive a suspicious phone call claiming to be from LastPass, simply hang up and please send us an email with the details of the call to abuse@lastpass.com.
• If you receive a suspicious text claiming to be from LastPass, please send a screen capture of the text to abuse@lastpass.com. 
• If you receive an email you believe may be related to phishing, please forward the email as an attachment to abuse@lastpass.com.

The thing is that the malicious URL or IP associated with the attacks includes crypto exchanges as well.

http://sasg.coinbase-com.info/

https://new.sas-cas-0072.sasg.coinbase-com.info/

http://144-2-13-133.fwd.coinbase-com.info/

http://0-0.coinbase-com.info/

http://coinbase-com.info/

http://010203.coinbase-com.info/

https://824346-coinbase.com/

https://195834-coinbase.com/

http://www.files.mycoinba.se/

http://fwd.coinbase-com.info/

http://195834-coinbase.com/

https://df-apartment.coinbase-com.info/

http://853221-gmail.com/

http://cian.156953coinbase.com/

https://sas-cas-0072.sasg.coinbase-com.info/

http://new.sas-cas-0072.sasg.coinbase-com.info/

https://108-174-4-13.fwd.coinbase-com.info/

http://www.ia.admin.sportsbook.coinbase-com.info/

http://ia.admin.sportsbook.coinbase-com.info/

https://swan-btc.com/

http://eagle.coinbase-com.info/

http://cstudyin.coinbase-com.info/

http://cpanel.eticaret17.coinbase-com.info/

http://canary-finance-modserver-content.g03.coinbase-com.info/

http://raw.coinbase-com.info/

http://users.coinbase-com.info/

http://codeew54384r99vahe.afzal.coinbase-com.info/

http://cdn3327353g3.secure0117.coinbase-com.info/

http://18912-coinbase.com/

http://b3130432.yst.coinbase-com.info/

http://analytics.auth.node-camodemoing.container.toolbar.raw.coinbase-com.info/

http://ddr.test.coinbase-com.info/

http://f63b.cceng.coinbase-com.info/

http://media.g03.coinbase-com.info/

http://av.cc.coinbase-com.info/

http://now.comsivasl.xui.ptlogin2-unauthorized.coinbase-com.info/

http://a.coinbase-com.info/

http://clearance.animeclu15634.coinbase-com.info/

http://plusrewards.com.au.coinbase-com.info/

http://144-2-17-238.fwd.coinbase-com.info/

http://anb4u.coinbase-com.info/

http://comweb3139.coinbase-com.info/

http://kayakerpro.coinbase-com.info/

http://108-174-1-236.fwd.coinbase-com.info/

http://gateway3.test.coinbase-com.info/

http://googledesk-ssl.com/

http://cloudmonitor.ccg13.slc.coinbase-com.info/

http://7w-test-xinfo761te-xserver-com.coinbase-com.info/

http://dev.secure.web4311.coinbase-com.info/

http://stage2d0144.stage.coinbase-com.info/

http://forum.san2invoice.cn.coinbase-com.info/

http://i761bd.coinbase-com.info/

http://ynwp.coinbase-com.info/

http://desktickets-ssl.com/

http://origin-community.alumni.dev.qasas-reg-0057.sasg.coinbase-com.info/

http://taas.mobilenow-05portal.platform.aws.coinbase-com.info/

http://7jdy-n8ny.coinbase-com.info/

http://pinsents.ne13e.coinbase-com.info/

http://ne13e.coinbase-com.info/

http://000extranet.pinsents.ne13e.coinbase-com.info/

http://27954383-coinbase.com/

http://108-174-9-166.fwd.coinbase-com.info/

http://env-358e0272.gcp.coinbase-com.info/

http://okbsok7788.coinbase-com.info/

http://www.18912-coinbase.com/

http://8x8wiki.coinbase-com.info/

http://twittertaporg.coinbase-com.info/

http://wheeya88.coinbase-com.info/

http://maintenance.casino.coinbase-com.info/

http://nzg.coinbase-com.info/

http://www.dev.prod.ultradns.coinbase-com.info/

http://ssl-127-0-0-1-goo-gl.com/

http://518256-coinbase.com/

https://dev.884394-coinbase.com/

http://ggl-desk-line.com/

http://177954coinbase.com/

http://dev.185126-coinbase.com/

http://adsov.coinbase-com.info/

http://www.bigdata.mycoinba.se/

https://kazan.mycoinba.se/

https://paypal-gateway.coinbase-com.info/

https://desktickets-ssl.com/

https://files.mycoinba.se/

https://127253-ledger.com/

http://binancetickets.com/

https://187253-uphold.com/

https://853221-gmail.com/

https://156253-gemini.com/

https://1835304-coinbase.com/

https://helpdesk-google.com/

sasg.coinbase-com.info

0-0.coinbase-com.info

0dc-dozeo.coinbase-com.info

108-174-4-13.fwd.coinbase-com.info

127253-ledger.com

144-2-13-133.fwd.coinbase-com.info

15.bflo.coinbase-com.info

156253-gemini.com

157253-kucoin.com

158253-kraken.com

167253-binance.com

177253-coinbase.com

177954coinbase.com

187253-uphold.com

195023-coinbase.com

195834-coinbase.com

197253-trezor.io

209-64-116-245.coinbase-com.info

2c8nteg.coinbase-com.info

2fnl-nl.is-is.ro-ro.fbjs.coinbase-com.info

518256-coinbase.com

6491770-review-bump-rails-otpkqb.gs-staging.coinbase-com.info

7226119-coinbase.com

7jdy-n8ny.coinbase-com.info

7nl.gw2-c79ci-cwcasersail11.virtualail08.na1.coinbase-com.info

824346-coinbase.com

845223-ledger.com

853221-gmail.com

884394-coinbase.com

8x8xpc.coinbase-com.info

_.mobilenow-05portal.platform.aws.coinbase-com.info

ac.perf.coinbase-com.info

admin.177954coinbase.com

adsupport-google.com

airbnb-actions.coinbase-com.info

airbnbadu.coinbase-com.info

airbnbarenal.coinbase-com.info

airbnbfirm.coinbase-com.info

alfabank.156953coinbase.com

analytics.auth.node-camodemoing.container.toolbar.raw.coinbase-com.info

api.177954coinbase.com

app.f02.qsty.vip.kks.ynwp.coinbase-com.info

apps.177954coinbase.com

aru.coinbase-com.info

auth-cb.com

auth.node-camodemoing.container.toolbar.raw.coinbase-com.info

av.267.coinbase-com.info

avito.auth-cb.com

aws.coinbase-com.info

aws.inst.coinbase-com.info

b.coinbase-com.info

b.i761bd.coinbase-com.info

backend.com.coinbase-com.info

backyard.coinbase-com.info

bcmone.mypasskey.info

bdhcp.coinbase-com.info

bflo.coinbase-com.info

bid-colorparty001ptn.coinbase-com.info

bigdata.mycoinba.se

binancetickets.com

blog.coinbase-com.info

bom7.rilo.coinbase-com.info

bot.156253-gemini.com

brand.coinbase-com.info

cancel-google.com

chineseculturepre.coinbase-com.info

cian.156953coinbase.com

cinco.internal.coinbase-com.info

cmdbywww.cian.156953coinbase.com

co.coinbase-com.info

co.crime-data-explorer.fr.chineseculturepre.coinbase-com.info

coinbase.passkeysetup.com

comsivasl.xui.ptlogin2-unauthorized.coinbase-com.info

confluence.dev.secure.giaitri.coinbase-com.info

cpanel.eticaret17.coinbase-com.info

crh.coinbase-com.info

cs92-ord.coinbase-com.info

customer.coinbase-com.info

dcl5-ord.cs92-ord.coinbase-com.info

ddr.test.coinbase-com.info

desktickets-ssl.com

dev.177954coinbase.com

dev.2c8nteg.coinbase-com.info

dev.aru.coinbase-com.info

dev.loumbxs1419ipmi.coinbase-com.info

dev.mycoinba.se

dev.wyoming.coinbase-com.info

docs.mypasskey.info

doppler-za.coinbase-com.info

dpnewsraidafaee29b171094d70f1daf1be2f4936e1.profile.lax-m.coinbase-com.info

duvvneyvppwww.bcmone.mypasskey.info

e.coinbase-com.info

ec.coinbase-com.info

ejvkcwww.a.cceng.coinbase-com.info

elapse.coinbase-com.info

env-358e0272.gcp.coinbase-com.info

env-784255b0.gcp.coinbase-com.info

epghkwww.ac.perf.coinbase-com.info

eu-central-8stagecomboweb8.aws.inst.coinbase-com.info

eu-west-1.prodaa.coinbase-com.info

f63b.cceng.coinbase-com.info

files.mycoinba.se

fwd.coinbase-com.info

ggl-desk-activity.com

ggl-desk-archive.com

ggl-desk-line.com

gitlab.177253-coinbase.com

googledesk-ssl.com

gs-staging.coinbase-com.info

gw2-c79ci-cwcasersail11.virtualail08.na1.coinbase-com.info

help-coinba.se

helpdesk-google.com

hostmaster.coinbase-com.info

images.mypasskey.info

info.156953coinbase.com

inst.coinbase-com.info

itp.coinbase-com.info

kurallarikaldir.doubleheart.www.coinbase-com.info

lastpassrecovery.com

login.177954coinbase.com

m.177954coinbase.com

mail.195834-coinbase.com

mail.adsupport-google.com

media.156253-gemini.com

megamarket.156953coinbase.com

mta-sts.mypasskey.info

mtf.truaxis.coinbase-com.info

mycoinba.se

mypasskey.info

na1.coinbase-com.info

nas-tenfootui.itp.coinbase-com.info

nieuw.mypasskey.info

now.comsivasl.xui.ptlogin2-unauthorized.coinbase-com.info

passkeysetup.com

perf.coinbase-com.info

portal.177954coinbase.com

prod.ne1.g04.coinbase-com.info

prod.ultradns.coinbase-com.info

qsty.vip.kks.ynwp.coinbase-com.info

ramen.coinbase-com.info

random.auth-cb.com

raw.coinbase-com.info

redditdriverfix.coinbase-com.info

redditmeld.coinbase-com.info

s4.search-skynetcultura.coinbase-com.info

sas-cas-0072.sasg.coinbase-com.info

smtp.7226119-coinbase.com

smtp.adsupport-google.com

sportsbook.coinbase-com.info

ssl-127-0-0-1-goo-gl.com

ssl-192-168-29-122-goo-gl.com

ssl-4-4-192-1-g-o-o-g-l.com

ssl-8-8-9-8-goo-gl.com

stage.mypasskey.info

summary.mypasskey.info

support.auth-cb.com

swan-btc.com

teams.coinbase-com.info

testing.177954coinbase.com

tjqqpcmdbywww.cian.156953coinbase.com

ultradns.coinbase-com.info

users.coinbase-com.info

vghvdsupport.177253-coinbase.com

virtualail08.na1.coinbase-com.info

vishnuvardhan.coinbase-com.info

web4311.coinbase-com.info

webapp-stg.coinbase-com.info

ww3.156953coinbase.com

www.127253-ledger.com

www.156253-gemini.com

www.157253-kucoin.com

www.158253-kraken.com

www.1835304-coinbase.com

www.187253-uphold.com

www.195023-coinbase.com

www.197253-trezor.io

www.27954383-coinbase.com

www.298193-coinbase.com

www.518256-coinbase.com

www.853221-gmail.com

www.884394-coinbase.com

www.airbnbadu.coinbase-com.info

www.alfabank.156953coinbase.com

www.avito.auth-cb.com

www.avito.mycoinba.se

www.bcmone.mypasskey.info

www.binancetickets.com

www.cancel-google.com

www.cmdbywww.cian.156953coinbase.com

www.coinbase-com.info

www.com.manishclubforum.coinbase-com.info

www.confluence.dev.secure.giaitri.coinbase-com.info

www.dev.prod.ultradns.coinbase-com.info

www.eis.customer.coinbase-com.info

www.ggl-desk-archive.com

www.ggl-desk-line.com

www.goldapple.156953coinbase.com

www.googledesk-ssl.com

www.help-coinba.se

www.images.mypasskey.info

www.info.156953coinbase.com

www.mta-sts.mypasskey.info

www.passkeysetup.com

www.random.156953coinbase.com

www.random.auth-cb.com

www.secure.web4311.coinbase-com.info

www.ssh.156953coinbase.com

www.ssl-4-4-192-1-g-o-o-g-l.com

www.ssl-8-8-8-8-goo-gl.com

www.ssl-8-8-9-8-goo-gl.com

www.unsync-trezor.io

www.ztoehcian.156953coinbase.com

wyoming.coinbase-com.info

xshhqabyss2.vip.ssk.ynwp.coinbase-com.info

yahooirak.coinbase-com.info

ycnkmowa.passkeysetup.com

ytygkwww.dcl5-ord.cs92-ord.coinbase-com.info

zkesowww.e.coinbase-com.info

new.sas-cas-0072.sasg.coinbase-com.info

156953coinbase.com

https://blog.lastpass.com/posts/possible-cryptochameleon-social-engineering-campaign-targeting-lastpass-customers-and-more

[Cryptohygenic]

What's was all the links in the quote for? I think the link of your source of information would had be just okay.
I know that some beginners will fall victims even to one of this common schemes of clicking links. It is also good as we keep creating the awareness as much we gets the phishing alerts so we can always enhance our security measures.
An experience user will not even bother to proceed clicking on link to cancel an application that you never initiated. It is an obvious phishing alert on that one.
With a common sense if someone submitted such application to the site then then the company is expected to deal with the applicant directly. It has nothing to do with the platform users. For me that is still alive and had my device protected from second parties there is need to be skeptic and skip the message.

[PostQuantumBTC]

Just do not use LastPass again, I am wondering why people are still using it. My password manager is made up of a notebook instead.

Most of the time I use email to recover my accounts.

[xmrhopium]

For those who are using LastPass, there is a new threat campaign against you thru phishing email. It contains email telling that a family member is requesting access to their LastPass vault by uploading a death cert.
-snipped-

There's a high chance that many users on this forum have never heard of this apps, or if they have, they've never used it before but I don't know what is the main purpose of creating this post and quoting some unnecessary vague of untrusted links? but I've always assumed that people mostly manage their own passwords and keep with them privately somewhere else.

Also, it's very terrible idea trusting some third party apps by paying some subscription fees believing that guarantees security and let em log into any sites, apps or whatever without remembering passwords (which sounds only helpful but....), who knows.

I would never trust such apps or software that claims to offer these kinds of password management services even in free which seems only useless and maybe even unsafe.

What to do:

• If you receive a suspicious phone call claiming to be from LastPass, simply hang up and please send us an email with the details of the call to abuse@lastpass.com.
• If you receive a suspicious text claiming to be from LastPass, please send a screen capture of the text to abuse@lastpass.com.  
• If you receive an email you believe may be related to phishing, please forward the email as an attachment to abuse@lastpass.com.

What to do? lmao, this sounds more like it is copy paste work from software’s faq's. Instead, if users feel suspicious or notice any threats, they should change their passwords immediately and stop using LastPass. Or even now......after threats news circulated over internet, hell no way again keeps using this app further.

[Satofan44]

If you are using a service like LastPass then this is entirely your own fault. There is a sufficient number of open-source and offline alternatives for password managers. Nobody can phish you if you are not registered anywhere and your email is not exposed. Here are some resources:
https://itsfoss.com/open-source-password-managers/
https://www.privacytools.io/secure-password-manager

Don't be lazy pricks and complain about having to occasionally manually synchronize between multiple devices. You are not that busy in life, you are just lazy idiots if you need services that automatically synchronize using cloud somebody else's computer.

Just do not use LastPass again, I am wondering why people are still using it. My password manager is made up of a notebook instead.

Good, but it is not a viable option for most.

There's a high chance that many users on this forum have never heard of this apps, or if they have, they've never used it before but I don't know what is the main purpose of creating this post and quoting some unnecessary vague of untrusted links? but I've always assumed that people mostly manage their own passwords and keep with them privately somewhere else.

Also, it's very terrible idea trusting some third party apps by paying some subscription fees believing that guarantees security and let em log into any sites, apps or whatever without remembering passwords (which sounds only helpful but....), who knows.

It does not matter whether it is LastPass or some other password manager. I can guarantee you that if a person has a password manager, it is a 3rd party online one in most cases. The same applies to users here -- don't think that the average user here is more familiar with security than the average person.

What to do? lmao, this sounds more like it is copy paste work from software’s faq's. Instead, if users feel suspicious or notice any threats, they should change their passwords immediately and stop using LastPass. Or even now......after threats news circulated over internet, hell no way again keeps using this app further.

There are threats all the time. Funny how my offline password manager never comes up in the news like this, right?  

[libert19]

That email is kind of funny, people should be wary of anybody who creates sense of urgency.

Lastpass was first password manager I started using, but after it's breaches, I moved to offline password managers (password safe, keepassDX), they never ask you for email, no possibility of receiving such mails.

[joniboini]

Just do not use LastPass again, I am wondering why people are still using it.

A lot of people just like convenience, just that. It's not surprising that the majority of people like an easy-to-use platform like that. I also have a suspicion that people like to have a third party to blame whenever something goes wrong, or someone who can help if they make mistakes. Unless they learned the hard way, it's hard to convince them to move to a self-hosted/open-source password manager, unfortunately.

[AVE5]

Just do not use LastPass again, I am wondering why people are still using it.

A lot of people just like convenience, just that. It's not surprising that the majority of people like an easy-to-use platform like that. I also have a suspicion that people like to have a third party to blame whenever something goes wrong, or someone who can help if they make mistakes. Unless they learned the hard way, it's hard to convince them to move to a self-hosted/open-source password manager, unfortunately.

That's the best simple truth. I also wonder why people would optimistic with the decentlized blockchain system but couldn't afford to store their seed phrase and private within themselves without relying on a authenticated third party source.
I really don't find it reasonable to have digital assets that can only be accessed with my private keys and even with the numerous told and the untold online phishing attacks and scamming strategies and yet having the courage to store my wallet address and access keys in the same internet.
Perhaps my assets can be online while access keys is store offline to atleast curb against the internet threats with the stealing of users informations stored online.

[Amphenomenon]

If you are using a service like LastPass then this is entirely your own fault. There is a sufficient number of open-source and offline alternatives for password managers. Nobody can phish you if you are not registered anywhere and your email is not exposed. Here are some resources:
https://itsfoss.com/open-source-password-managers/
https://www.privacytools.io/secure-password-manager

Don't be lazy pricks and complain about having to occasionally manually synchronize between multiple devices. You are not that busy in life, you are just lazy idiots if you need services that automatically synchronize using cloud somebody else's computer.

I wonder if they do have a personal attachment with this platforms and after all the data breaches and crisis they are still acting loyal until they become victimizes and start thinking why life ain't fair where as someone was too lazy to take responsibility and find an alternative.

[DYING_S0UL]

No lastpass = No Data breaches leaks attacks or anything LOL!
I know many people still to this date uses password managers, but in my opinion it's an unnecessary thing. In fact I have never used one and doing just fine. After hearing about all those online data leaks attacks, I'm a little skeptical about using one. Even if someone recommends me one, I don't think I will be using it. It's just I don't trust these 3rd party apps anymore, so I would rather just use a pen and paper if I really need to keep a note!

Funny how my offline password manager never comes up in the news like this, right?  

Btw, just out of curiosity which one are you referring to? 

[coupable]

Just do not use LastPass again, I am wondering why people are still using it.

A lot of people just like convenience, just that. It's not surprising that the majority of people like an easy-to-use platform like that. I also have a suspicion that people like to have a third party to blame whenever something goes wrong, or someone who can help if they make mistakes.

I think those are the same reasons for cryptocurrency users not to save their funds in private non-custudial wallets. But rather they prefer using third parts (exchangers or web-wallets), until they realized how much their private data is exposed. Pushed by fearness, their intention is to have someone to blame whenever something wrong occurs.

I have never used any of those password managers because i don't see a valid reason to do so when i can use a text file to save my private info/keys. Those who prefer to use it have no rights to blame anybody for breaching their secret codes.

[Darker45]

Just do not use LastPass again, I am wondering why people are still using it.

A lot of people just like convenience, just that. It's not surprising that the majority of people like an easy-to-use platform like that. I also have a suspicion that people like to have a third party to blame whenever something goes wrong, or someone who can help if they make mistakes. Unless they learned the hard way, it's hard to convince them to move to a self-hosted/open-source password manager, unfortunately.

It's ironic that in their desire for convenience every step of the way, they have to encounter hassles. And with all these phishing emails, texts, even calls, convenience turns into inconvenience. It's now becoming hard to know which one is legit and which one isn't. So, for every call, "send us an email with the details of the call". For every text, "send a screen capture of the text". For every email, "forward the email as an attachment".

Why can't they just manage those little things themselves?

[osasshem]

For those who are using LastPass, there is a new threat campaign against you thru phishing email. It contains email telling that a family member is requesting access to their LastPass vault by uploading a death cert.



The thing is that the malicious URL or IP associated with the attacks includes crypto exchanges as well.

This is pure scam or a phishing mail, which I am sure will be found in the spam box of an email and not the main mail box, except one registered with them and permitted mails from such sources to come directly to the inbox. I haven't used LastPass before, and seeing this, I don't even think of using it in future. When it comes to storing my passwords/usernames of different accounts created online, I store them offline, with the manual pen and paper form of storing passwords, keys, phrase etc.

It is possible that people will still fall to such scam, when calls and messages are being received from the LastPass, but it will cost nothing to confirm/find out if the claims are true or not before taking heed to the messages they have provided.

[Satofan44]

A lot of people just like convenience, just that. It's not surprising that the majority of people like an easy-to-use platform like that. I also have a suspicion that people like to have a third party to blame whenever something goes wrong, or someone who can help if they make mistakes. Unless they learned the hard way, it's hard to convince them to move to a self-hosted/open-source password manager, unfortunately.

There is no reason to mask laziness with convenience. This is something that has been used to justify that people are behaving in bad ways. 99.99% of users who use the cloud or centralized synchronization methods are not busy enough in their lives to warrant them to use those over manual methods. The cloud is just a scam branding for "someone else's computer". Imagine being so lazy and stupid that you are voluntarily giving your own data to someone else, and you are paying him for it. None of these people are too busy to the point where carrying an extra USB stick would be too much effort, don't give them excuses with "convenience". With the amount of time that they are wasting every day on Netflix and Social media, saving a few minutes by using the cloud is not justifiable. Therefore, call them what they really are -- lazy retards.

I wonder if they do have a personal attachment with this platforms and after all the data breaches and crisis they are still acting loyal until they become victimizes and start thinking why life ain't fair where as someone was too lazy to take responsibility and find an alternative.

I don't think it is about attachment to brands, see my post above. When Dropbox appeared, it was a new brand and new service that nobody had. Many people quickly jumped to use it.

Funny how my offline password manager never comes up in the news like this, right?  

Btw, just out of curiosity which one are you referring to?  

You can use KeePass and KeePassXC. The latter looks pretty modern and it has most of the feature set of any paid and centralized password manager. There is really no reason to use anything else other than FOSS here. To manually synchronize one just needs to copy a single file between devices. This seems it is very difficult for the modern busybodies, right?  

KeePass is a very proven and feature-rich password manager and there is nothing fundamentally wrong with it. However, it is written in C# and therefore requires Microsoft's .NET platform. On systems other than Windows, you can run KeePass using the Mono runtime libraries, but you won't get the native look and feel which you are used to.

KeePassXC, on the other hand, is developed in C++ and runs natively on Linux, macOS and Windows giving you the best-possible platform integration.
https://keepassxc.org/docs/#faq-keepass

[DYING_S0UL]

A lot of people just like convenience, just that. It's not surprising that the majority of people like an easy-to-use platform like that. I also have a suspicion that people like to have a third party to blame whenever something goes wrong, or someone who can help if they make mistakes. Unless they learned the hard way, it's hard to convince them to move to a self-hosted/open-source password manager, unfortunately.

There is no reason to mask laziness with convenience. This is something that has been used to justify that people are behaving in bad ways. 99.99% of users who use the cloud or centralized synchronization methods are not busy enough in their lives to warrant them to use those over manual methods. The cloud is just a scam branding for "someone else's computer". Imagine being so lazy and stupid that you are voluntarily giving your own data to someone else, and you are paying him for it. .....snip

I couldn't agree more! One could simply take the manual approach and make the backup themselves with just a few steps! And how many minutes it might take? Not more than 5, I guess! But no! Because of our so called  convenience, we rely on these third party cloud based apps.platforms. And when data breaches happens, what do we say? Ow nooo we got fucked up! The hell with this platform the hell with that platform, LOL

You can use KeePass and KeePassXC. The latter looks pretty modern and it has most of the feature set of any paid and centralized password manager. There is really no reason to use anything else other than FOSS here. To manually synchronize one just needs to copy a single file between devices. This seems it is very difficult for the modern busybodies, right?  

I wouldn't say busybudies but lazyassesss!

Btw, thank you for the suggestion, will take a look!

I already like them...

No cloud, no ads, no subscriptions...- improvised - no bullshit

[sokani]

I appreciate Lastpass warning their users, but I'm a little bit curious. How did the malicious actor get hold of the personal information of the users at the first place? It didn't just fly into the hands of bad actors. I'm aware there was a data breach in 2022, but is there a recent data breach Lastpass is not telling anyone? Well, this is one of the reasons I prefer writing down my password on a notebook because anything connected to the internet is not safe.

[DYING_S0UL]

I appreciate Lastpass warning their users, but I'm a little bit curious. How did the malicious actor get hold of the personal information of the users at the first place? It didn't just fly into the hands of bad actors. I'm aware there was a data breach in 2022, but is there a recent data breach Lastpass is not telling anyone? Well, this is one of the reasons I prefer writing down my password on a notebook because anything connected to the internet is not safe.

I did some diggings on that 2022 lastpass incident and found out that the breach originated from a compromised developer account/device. Somehow the attackers managed to gain access via malware/keylogging/remote access and used that to make backup of customer's meta data (username, email etc)! So I guess similar thing can also happen now. Nothing is truly safe when it's online. If hackers were able to compromise it back then, it's fair to assume, its' not unrealistic to think they can find a way again, as we all already know, how atttacks like these becoming more sophisticated day by day.