LastPass Suffers Second Breach of 2022
Table of Contents
- By Steven
- Published: Dec 02, 2022
- Last Updated: Dec 02, 2022
Global password manager LastPass suffered from a data breach in August 2022, that was said to not involve anything more than source code. People’s data and passwords were safe. Unfortunately, the second breach from November 2022 did not have the same positive outcome. The second breach did involve user data, and it looks to be more expansive than the original breach.
How Did the Attack Occur?
According to a LastPass representative, the data breach was a direct result of the August breach where source code was stolen. The hackers used the source code to create their own way into the cloud storage used by both LastPass and GoTo, accessing the data they wanted or needed. While the company is stating they believe passwords are still safe, they do recognize that customer data was compromised.
What Information Was Viewed or Stolen?
As of the time of this writing, the exact customer data that was accessed is unknown. It could involve anything from usernames to financial information. However, the one thing that LastPass is sure of is that hackers did not access the passwords the company stores. What happens when users sign up for LastPass is the device they log in from encrypts the data, so once the server receives the data, it is already encrypted. It allows LastPass to never have access to the unencrypted passwords. This is how the company is sure that hackers would not have access to any passwords.
How Did LastPass Admit to the Breach?
LastPass announced the breach by means of a Twitter post from Karim Toubba, the CEO of LastPass. Toubba wanted to acknowledge the breach immediately and explain without any confusing language that passwords were still safe and secure.
What Will Become of the Stolen Information?
Without knowing what data was stolen, it is hard to say what will become of the stolen data. However, there are typically two outcomes. The first is selling the data. These types of sales are often done through the Dark Web, but there are many places where hackers sell stolen data. The second outcome is using the information fraudulently. The fraud could appear as identity theft, accessing and using financial information, or many other forms. The most important thing right now is making sure that consumers protect their data until they know if anything was compromised.
What Should Affected Parties Do in the Aftermath of the Breach?
While waiting to find out what customer data was compromised, LastPass customers need to watch their information. They should carefully look over any statements they get. If there are any types of charges that do not look right, inquire about them. If you happen to find charges you did not make, inform the company immediately. You also need to change all passwords even though they may not have been exposed during the breach. The reason for this is that if your password was not strong and the hackers were able to get your username, they may be able to figure out your passwords on their own or using software. You should also consider getting monitoring services that keep an eye on your data, specifically your personal data. The more protection your data has, the better!