LastPass has been threatened with legal action after a months-long data breach that began in August 2022 and led to the potentially leaking of millions of users’ private information.
A statement from the CEO of password manager Karim Tuba at the time claimed there was no evidence that any customer data was at risk, despite the publication of a leading cybersecurity and forensics firm.
The December 2022 notice declared that “an unknown threat actor has accessed a cloud-based storage environment leveraging information obtained from the incident.”
LastPass August 2022 Leak
according to group complaint (Opens in a new tab) The names, usernames, billing addresses, email addresses, phone numbers, and even IP addresses used to access the service were provided to all offenders.
The last straw in the hat may be the leak of unencrypted customer vault data, which includes all kinds of information ranging from website usernames and passwords to secure notes and form data.
According to the lawsuit, “LastPass understood and appreciated the value of this information but chose to ignore it by not investing in appropriate data security measures.”
The plaintiff in the case claims to have invested $53,000 in Bitcoin since July 2022, which was subsequently “stolen” several months later, leading to police and FBI reports.
Recently, Tuba moved to the company Articles (Opens in a new tab) To advertise “theft of some source code and technical information from [LastPass’s] development environment”, which led to an attack on an employee’s account that saw credentials and keys stolen. Since then, the company has “turned that whole environment down and rebuilt a new one from scratch”.
While the plaintiff in the case has requested a jury trial in connection with the leak and its subsequent losses, it remains to be seen what action (if any) will be taken against LastPass.