More than $35 million has been stolen from over 150 victims since December — ‘nearly every victim’ was a LastPass user::Security experts believe some of the LastPass password vaults stolen during a security breach last year have now been cracked open following a string of cryptocurrency heists

  • ribboo@lemm.ee
    link
    fedilink
    English
    arrow-up
    2
    arrow-down
    1
    ·
    edit-2
    1 year ago

    There are plenty of use cases for going after self hosters. Bot farms are basically made up of “regular” computers infected with malware.

    While you’re at it and have access to tens of thousands computers, also grabbing their passwords is just a nice bonus.

    If anything, it doesn’t make financial sense not to do it. You’re right in that self hosters themselves are not the target per se. but they are targeted for other reasons, and that’s where it ends up becoming problematic.

    • diffusive@lemmy.world
      link
      fedilink
      English
      arrow-up
      2
      ·
      1 year ago

      You need to aumatize any operation… It’s not conceivable that an human look at every device for stuff to steal. It would be even more expensive.

      Generally all these bit malware do is 1) using a vulnerability to replicate themselves 2) mine crypto or other kind of crap. Sometimes (1) involves also stealing ssh keys but it’s not the goal, it the mean.

      Self hosting password/code/photos/whatever niches you are almost guaranteed that no human will look at hit because the amount of IoT/Routers/etc with nothing valuable beyond themselves generally composes the majority of these compromised bots

      This is just the economic incentive