Passwords From The November 2022 LastPass Breach Being Cracked?

Source: Slashdot

Bye Bye Bitcoin

Last year was not good for LastPass: an initial breach in August grabbed data which seems to have provided the tools for a far more serious breach in November. The second breach allowed the attackers to harvest encrypted and plaintext data for more than 25 million LastPass users. At the time, LastPass assured its customers that there was no way for attackers to defeat the 2FA protection it makes use of, in the incredibly unlikely event that the attackers could even decrypt the data they stole. A pattern has emerged which suggests that may not be true.

According to the story over at Slashdot, since that second breach over 150 LastPass users have had a significant amount of cryptocurrency stolen, somewhere in the neighbourhood of $35 million. These thefts seem to follow a pattern, hitting long-time cryptocurrency investors who are described as security conscious. The researchers who spotted the pattern became suspicious when they noticed a lack of the usual precursors to the theft: no email breaches, and no theft or impersonation of the person's cellphone. The one thing the victims all have in common is a breached LastPass account.

This isn’t absolute proof that LastPass passwords are being cracked but it certainly raises the possibility.

Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.


About The Author

Jeremy Hellstrom

Call it K7M.com, AMDMB.com, or PC Perspective, Jeremy has been hanging out and then working with the gang here for years. Apart from the front page you might find him on the BOINC Forums or possibly the Fraggin' Frogs if he has the time.

1 Comment

  1. Gary

    To be fair, if they are “security conscious” and didn’t change their passwords after the breach, and didn’t have 2FA, probably not that security conscious after all.
