259
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 17 Feb 2026
259 points (89.8% liked)
Technology
85059 readers
4397 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related news or articles.
- Be excellent to each other!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
- Check for duplicates before posting, duplicates may be removed
- Accounts 7 days and younger will have their posts automatically removed.
Approved Bots
founded 3 years ago
MODERATORS
Is there a reason why these attacks were on cloud based pw managers?
The method, they use, requires a client-server architecture. Hence, they cannot attack a local keepass file even if you sync it to some cloud.
From what I scanned, there was no reason given on why they only attacked cloud based providers.
My guess is that these are paid ones and thus have a 'market share', easier to attack etc.
If you attack a 'keepass' password the attack vector is more crypto / memory based as far as my limited knowledge goes and not some funky inbetween attack.
Also, if you attack a cloud base provides, you will most likely have multiple victims per breach / exploit, whilst offline are targeted and thus not so interesting in most cases unless we're talking about a person of interest
Oh okay so they probably delivered malicious code to the user entering their passwords... Well even an offline pw manager can be compromised in the code.
That's where most of the passwords are