LastPass Suffers Second Breach of 2022

  • By Steven
  • Dec 02, 2022

LastPass Suffers Second Major Data breach

Global password manager LastPass suffered from a data breach in August 2022, that was said to not involve anything more than source code. People’s data and passwords were safe. Unfortunately, the second breach from November 2022 did not have the same positive outcome. The second breach did involve user data, and it looks to be more expansive than the original breach. 

How Did the Attack Occur?

According to a LastPass representative, the data breach was a direct result of the August breach where source code was stolen. The hackers used the source code to create their own way into the cloud storage used by both LastPass and GoTo, accessing the data they wanted or needed. While the company is stating they believe passwords are still safe, they do recognize that customer data was compromised.

What Information Was Viewed or Stolen?

As of the time of this writing, the exact customer data that was accessed is unknown. It could involve anything from usernames to financial information. However, the one thing that LastPass is sure of is that hackers did not access the passwords the company stores. What happens when users sign up for LastPass is the device they log in from encrypts the data, so once the server receives the data, it is already encrypted. It allows LastPass to never have access to the unencrypted passwords. This is how the company is sure that hackers would not have access to any passwords. 

How Did LastPass Admit to the Breach?

LastPass announced the breach by means of a Twitter post from Karim Toubba, the CEO of LastPass. Toubba wanted to acknowledge the breach immediately and explain without any confusing language that passwords were still safe and secure. 

What Will Become of the Stolen Information?

Without knowing what data was stolen, it is hard to say what will become of the stolen data. However, there are typically two outcomes. The first is selling the data. These types of sales are often done through the Dark Web, but there are many places where hackers sell stolen data. The second outcome is using the information fraudulently. The fraud could appear as identity theft, accessing and using financial information, or many other forms. The most important thing right now is making sure that consumers protect their data until they know if anything was compromised. 

What Should Affected Parties Do in the Aftermath of the Breach?

While waiting to find out what customer data was compromised, LastPass customers need to watch their information. They should carefully look over any statements they get. If there are any types of charges that do not look right, inquire about them. If you happen to find charges you did not make, inform the company immediately. You also need to change all passwords even though they may not have been exposed during the breach. The reason for this is that if your password was not strong and the hackers were able to get your username, they may be able to figure out your passwords on their own or using software. You should also consider getting monitoring services that keep an eye on your data, specifically your personal data. The more protection your data has, the better!

About the Author
IDStrong Logo

Related Articles

Instagram Vulnerability Allowed Hackers Access to Control Your Phone

Security experts Check Point Research discovered a critical vulnerability while examining Instagra ... Read More

Alien Malware Infects More than 226 Mobile Apps and Steals Bank Data

As reported on September 24, 2020, by ZDNet and ThreatPost, a new strain of malware named “A ... Read More

Universal Health Systems Hit by Ransomware Attack

Universal Health Systems (UHS), a Fortune 500 company owning more than 400 hospitals across the co ... Read More

Exchange Server Bug Exposes a Big Risk to Hackers

Months after Microsoft released a patch to fix a serious flaw in MS Exchange Server, more than 61% ... Read More

Clients’ Bank Data Exposed in Blackbaud Ransomware Attack

Blackbaud software was victim to a ransomware attack last May, and new information suggests that c ... Read More

Latest Articles

Pennsylvania Maternal & Family Health Services Announces Ransomware Attack

Pennsylvania Maternal & Family Health Services Announces Ransomware Attack

Anyone paying even little attention to cybersecurity knows that medical practices and services are some of the most targeted institutions in the world.

Weekly Cybersecurity Recap January 27

Weekly Cybersecurity Recap January 27

This week, our lineup is pretty hard-hitting. Some of the biggest names in, well, everything, have been hacked, with a combined victim total of well into the millions.

MailChimp Announces Data Breach Affecting Tiny Number of Customers – With Big Ripples

MailChimp Announces Data Breach Affecting Tiny Number of Customers – With Big Ripples

MailChimp has been hacked repeatedly over the years; there is very little surprise in the breach, though one thing should be considered.

Featured Articles

How to Buy a House with Bad Credit

How to Buy a House with Bad Credit

Buying your own home is the American Dream, but it might seem out of reach to those with bad credit. However, the good news is, if your credit is less than perfect, you do still have options and in most cases, can still buy a home.

How Secure Is Your Password? Tips to Improve Your Password Security

How Secure Is Your Password? Tips to Improve Your Password Security

Any good IT article on computers and network security will address the importance of strong, secure passwords. However, the challenge of good passwords is that most people have a hard time remembering them, so they use simple or obvious ones that pose a security risk.

Top 10 Senior Scams and How to Prevent Them

Top 10 Senior Scams and How to Prevent Them

Senior scams are becoming a major epidemic for two reasons. First, seniors often have a lot of money in the bank from a life of working hard and saving.

Free Identity Threat Scan
Instantly Check if Your Personal Information is Exposed
All fields below are required
Please enter first name
Please enter last name
Please enter a city
Please select a state
Please enter an email address