Recent investigations have uncovered the significant impact of the security breach that occurred in 2022 involving the password storage tool, LastPass. Records reveal that approximately $4.4 million in cryptocurrencies were drained from nearly 80 wallets, affecting at least 25 individuals.
ZachXBT, an anonymous blockchain researcher, shared these findings on social media platforms, working closely with MetaMask developer Taylor Monahan. Their joint analysis unveiled that a substantial number of these victims had a long-standing association with LastPass, often using the software to safeguard their cryptocurrency wallet keys and seeds.
Going back to December 2022, LastPass admitted to an internal security breach. An intruder leveraged data acquired during a prior breach in August of the same year to deceive a LastPass staff member. By doing so, they gained access to the employee's login credentials and successfully decrypted encrypted customer information.
The breach also provided unauthorized access to a backup that contained encrypted client vault data. LastPass conveyed the gravity of the situation, warning that the data might be decrypted if the culprits could successfully ascertain the master passwords for individual accounts.
Cybersecurity reporter Brian Krebs offered further insight on the matter. In a September commentary, Krebs disclosed that certain customer vaults had already been compromised. He estimated a substantial loss of over $35 million in digital assets from around 150 unsuspecting individuals.
The repercussions didn't end there. By the beginning of this year, LastPass found itself facing a collective lawsuit. The affected parties alleged that the breach in August 2022 directly led to a theft totaling approximately $53,000 in Bitcoin.
Based on these revelations, ZachXBT recommended that anyone who had ever used LastPass to secure their wallet seed or private access key should promptly transfer their digital assets to a more secure platform.
Comment 0