These kinds of breaches are at the site level. Not much you can do as a regular user if the company doesn’t hash or salt their passwords, for example.
Comment on God ****** dammit, here we go again
Joeffect@lemmy.world 3 weeks ago
Don’t download shit from random websites… make sure it’s from legit places…
Kyrgizion@lemmy.world 3 weeks ago
Pika@sh.itjust.works 3 weeks ago
I believe they are replying to the article you posted in regards to the download from legit sites comment, not the fact that the sites have shit web practices (which while correct is a different thing).
Basically the modified software was a trojan keylogger combo that was forwarding passwords created and used to a home server.
That’s not something that the sites are doing wrong, nor is it the password manager’s fault. That’s fully the user’s fault for downloading a trojan.
Joeffect@lemmy.world 3 weeks ago
Not from what the article says
involves compromised download links and trojanized versions of the legitimate KeePass application that appear identical to the authentic software on the surface, while harboring dangerous capabilities beneath.
tburkhol@lemmy.world 3 weeks ago
My university, 23andMe, Transunion, Equifax, CapitalOne, United Healthcare…
AbidanYre@lemmy.world 3 weeks ago
You shouldn’t download KeePass from any of those.
Joeffect@lemmy.world 3 weeks ago
Legit means the KeePass website… those are not legit places to download the password manager
Blackfeathr@lemmy.world 3 weeks ago
Yeah UHC sold my data as soon as I was put under their coverage. Now I get so many phishing emails pretending to be from UHC.