The massive LastPass hack from 2022 is still haunting us

By Judy Sanhz
Published December 17, 2024

Just when you thought the LastPass breach of 2022 was over, we’re still learning just how detrimental the hack was. According to blockchain expert ZachXBT and spotted by The Block, $5.36 million was stolen from 40 users in a string of attacks. This is on top of the $4.4 million stolen in October 2023 and $6.2 million earlier this year in February 2024.

The original hack goes back to 2022 when hackers claimed to have accessed LastPass’ data, which contained API tokens, customer keys, multifactor authentication (MFA) seeds, and encrypted password vaults. Although no official information explains how the breach happened, it’s possible that the hacker responsible gained access to information that aided the breach. Hackers forced their way in despite the password vaults being encrypted because users reused weak or previously leaked combinations. This access, combined with the users’ weak or reused passwords, led to the various accounts being compromised.

“Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately,” ZachXBT wrote in an X post last year.

Only time will tell if this string of attacks continues, which makes you wonder if LastPass is safe. But how did the original breach happen? LastPass revealed that the hackers stole the app’s source code. In a subsequent attack, the hackers merged the stolen data with information discovered in another data breach.

The hackers then exploited a weakness in a remote-access app that LastPass employees used. This allowed them to install a keylogger on the PC of a senior engineer at LastPass, which recorded every keystroke.

The breach highlights the importance of always having a strong password on all your accounts. Never reuse passwords or have easy-to-guess passwords that hackers will love you for. If creating long, strong passwords is not your thing, you can always use one of the best password generators.
