I just moved my LastPass account to Bitwarden and all the experts I’ve heard recently on YouTube have suggested that LastPass data is still exposed until they re-flash their database. Is that something to worry about? If it is, is there a way to force a deletion of your account details from their system?
Isn’t this a question best asked here:
or here?
Most of us that switched to Bitwarden deleted our LastPass accounts/vaults.
I migrated to Bitwarden back in August, after the first LastPass announcements.
I’d already identified a method for bypassing LastPass 2FA and gaining access to the vault via Windows Hello. I reported it via Bug Bounty and was told that this was a ‘known issue’ from 2017 and still hadn’t been patched. I’d also spotted the iterations issue in 2021 and had reported it to LastPass. They couldn’t have cared less. The data breach was the final straw.
I didn’t immediately delete my account, because I was worried about the migration process. I did, however, go around and change all my high value passwords and 2FA.
Given the latest revelations, I’ve now deleted my account in LastPass and am going ‘full nuclear’.
- New email account.
- Old email accounts added as mailboxes for the new account.
- ‘Disposable’ email addresses created.
- Changing all login credentials to use either the new email address or disposable email addresses.
- I will keep the old email address active, to prevent anybody else grabbing the address and using it to impersonate me.
@JohnC Also, make certain you turn off LastPass auto-renewal.
I won’t provide the exact method.
Absolutely 100% this.