Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Posts
Filter by Categories







LastPass Users Who Stored Cryptocurrency Seed Phrases Urged to Take Action

Seed Phrases Stored in LastPass at Risk After Breach

Cryptocurrency holders who used LastPass to store their seed phrases may be at risk of having their funds stolen, as researchers have identified a connection between recent thefts and the use of LastPass.

A breach in November 2022 led to the theft of password vaults for over 25 million LastPass users, which contained both encrypted and plaintext data. Since then, victims have suffered six-figure cryptocurrency heists, with over $35 million in losses. Victims were long-time cryptocurrency investors and security-minded individuals who stored their private key seed phrases in LastPass.

Background on LastPass Breaches

LastPass was breached in August 2022, with hackers stealing some source code and proprietary technical information. LastPass said that the attacker did not access any customer data or password vaults.

In December 2022, LastPass notified customers about another, far more serious security incident that the company said leveraged data stolen in the August breach. LastPass disclosed that criminal hackers had compromised encrypted copies of some password vaults, as well as other personal information.

In February 2023, LastPass disclosed that the intrusion involved a highly complex, targeted attack against a DevOps engineer who was one of only four LastPass employees with access to the corporate vault. The breach led to the theft of seed phrases for cryptocurrency wallets stored in LastPass.

What Users Should Do

Users who stored their seed phrases in LastPass should change important credentials stored in the service since November 2022.

LastPass recommends users to share any useful information they may have with their Threat Intelligence team by contacting securitydisclosure@lastpass.com.

Users should also migrate any crypto that may have been exposed and change their passwords. It is best to store seed phrases in encrypted containers or offline, special-purpose hardware encryption devices, such as Trezor or Ledger wallets.

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.

-
00:00
00:00
Update Required Flash plugin
-
00:00
00:00