A class-action lawsuit has been filed against the password management service LastPass over a data breach in August 2022. On January 3, “John Doe” filed the class action in the United States District Court for the District of Massachusetts on behalf of himself and all others similarly situated.
The complaint states that BTC worth around $53,000 was lost due to the LastPass data breach. The plaintiff said that he began amassing BTC in July 2022.
He then changed his master password to one of more than 12 characters, created with a password generator per LastPass’s “recommended practices,” to safeguard the private keys stored in his user vault. When the complainant discovered the data breach, he immediately deleted his personal information from his customer vault.
In August 2022, LastPass reportedly suffered a security breach, and the attacker obtained encrypted passwords and other information, according to a statement from the company in December.
The plaintiff’s statement claims that the LastPass Data Breach “has exposed him to the loss of his BTC and continual danger, without no fault of his own.”
According to the lawsuit, the risk of future identity theft and exploitation of the plaintiffs’ personal information has dramatically increased. It might take years for these harms to manifest and be discovered.
Usernames, billing addresses, phone numbers, email addresses, IP addresses, and website URLs are among the information from password vaults that was not encrypted, according to cybersecurity expert Graham Cluley. Attackers may be able to use brute force to decrypt the vaults of customers with weak Master Passwords, according to a December statement from LastPass.
A “Woefully Inadequate” Security
In August 2022, hackers used an internal account to access the LastPass development environment, source code, and technical information. Three months later, it was revealed that attackers had used the data they acquired in August to successfully access the platform’s third-party cloud storage provider and “copy a backup of client vault data.”
Hence, the complaint alleges that LastPass mishandled the August data breach by underestimating the impact of the attack, which resulted in the December breach and the potential disclosure of sensitive user information.
Additionally, the complaint disputes LastPass’s claims that neither incident resulted in the loss of user master passwords (the keys used to encrypt the vaults holding user passwords). This assertion “has not only not been substantiated via discovery, but it is also a cynical attempt by LastPass to shift the responsibility of the Data Breach’s subsequent harm to Plaintiff and Class Members,” according to the lawsuit.
Over 33 million people use LastPass, and the company claims to have over 100,000 business accounts. The company has its headquarters in the US.