As a side note I must confess a certain degree of uneasiness reading some of the borderline-toxic comments, which - to be fair - are nothing new.
This time around though it seems there's a certain obvious difficulty in certain commenters to contextualize what's being shown here.
I understand that "oh but that could be an app/website/whatever" or that "it's an US phone number, I ain't gonna use that" or "ahhhh, this is gonna be abused soooo bad" and so on and so forth... but folks: this clearly is meant to be something quirky and - I think - a v1.
Have we perhaps become a bit of a boring grumpy bunch around here? My 2c.
> Currently, we only have a US based phone number that can be used to interact with our service. We understand that this can be expensive in some countries, so we will be working on a WhatsApp integration for the future.
> Among other things, the vault gave access to a shared cloud-storage environment that contained the encryption keys for customer vault backups stored in Amazon S3 buckets.
Wow. So those backups - which I hope and assume are encrypted with users’ credentials and were supposed to have one more layer of “LastPass” corp encryption - now seem to be lacking the latter. This sounds equivalent to stealing the encrypted blobs from each and every LP user.
(Hoping to be wrong here)
If one workstation getting hacked led to something like this I wonder what other mess is hiding in the crypto details…
Side question for the author (@sneak): I've noticed some _pk cookie (Motomo?) being injected while visiting your page and some attempted requests to t.sneak.cloud (and others) but haven't (yet) found a consent notice on your site.
Not sure what brought to the conclusion that "medianalysisd running" => CSAM. Article is a bit on the trashy/alarmistic side IMO with no concrete or technical evidence whatsoever.