LastPass, a leading password manager, confirmed a major data breach that occurred at the end of last year. Cybercriminals had managed to steal encrypted password vaults that stored LastPass customers' passwords and other sensitive information.
The security breach was first revealed on December 23, 2023, when LastPass CEO Karim Toubba confirmed that attackers had accessed a backup of customer vault data using cloud storage keys stolen from a LastPass employee.
The data stolen and stored in a proprietary binary format included both unencrypted and encrypted vault data. The unencrypted data contained web addresses stored in vaults.
Another $4.4 Million Stolen from LastPass Users' Wallets In a recent development, cryptocurrency detective ZachXBT revealed that approximately another $4.4 million was stolen from more than 25 victims as a result of the LastPass attack on October 25, 2023.
ZachXBT urged anyone who may have stored their seed or keys in LastPass to move their crypto assets immediately. In the latest development, hackers targeted approximately 80 different addresses and affected more than 25 different victims.
These thefts are part of a larger case that dates back to at least December 2022. Most of the victims are long-time LastPass users who confirmed that they stored their keys/seeds in LastPass.