These kinds of breaches are at the site level. Not much you can do as a regular user if the company doesn’t hash or salt their passwords, for example.
Comment on God ****** dammit, here we go again
Joeffect@lemmy.world 13 hours agoDon’t download shit from random websites… make sure its from legit places…
Kyrgizion@lemmy.world 13 hours ago
Pika@sh.itjust.works 12 hours ago
I believe they are replying to the article you posted in regards to the download from legit sites comment, not the fact that the sites have shit web practices (which while correct is a different thing).
Basically the modified software was a trojan keylogger combo that was forwarding passwords created and used to a home server.
That’s not something that the sites are going wrong, nor is it the password managers fault. That’s fully the users fault for downloading a trojan.
Joeffect@lemmy.world 12 hours ago
Not from what the article says
involves compromised download links and trojanized versions of the legitimate KeePass application that appear identical to the authentic software on the surface, while harboring dangerous capabilities beneath.
tburkhol@lemmy.world 13 hours ago
My university, 23andMe, Transunion, Equifax, CapitalOne, United Healthcare…
AbidanYre@lemmy.world 13 hours ago
You shouldn’t download KeePass from any of those.
Joeffect@lemmy.world 12 hours ago
Legit means the keepass website… those are not legit places to download the password manager
Blackfeathr@lemmy.world 12 hours ago
Yeah UHC sold my data as soon as I was put under their coverage. Now I get so many phishing emails pretending to be from UHC.