Skip to main content
  1. Home
  2. Computing
  3. News

The massive LastPass hack from 2022 is still haunting us

Add as a preferred source on Google
LastPass website on a laptop.
Digital Trends

Just when you thought the LastPass breach of 2022 was over, we’re still learning just how detrimental the hack was. According to blockchain expert ZachXBT and spotted by The Block, $5.36 million was stolen from 40 users in a string of attacks. This is on top of the $4.4 million stolen in October 2023 and $6.2 million earlier this year in February 2024.

The original hack goes back to 2022 when hackers claimed to have accessed LastPass’ data, which contained API tokens, customer keys, multifactor authentication seeds (MFA), and encrypted password vaults. Although no official information explains how the breach happened, it’s possible that the hacker responsible gained access to information that aided the breach. Hackers forced their way in despite the password vaults being encrypted because users reused weak or previously leaked combinations. This access, combined with the users’ weak or reused passwords, led to the various accounts being compromised.

Recommended Videos

“Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately,” ZachXBT wrote in an X post last year.

Only time will tell if this string of attacks continues, which makes you wonder if LastPass is safe. But how did the original breach happen? LastPass revealed that the hackers stole the app’s source code. In a subsequent attack, the hackers merged the stolen data with information discovered in another data breach.

The hackers then exploited a weakness in a remote-access app that LastPass employees used. This allowed the hacker to install a keylogger onto the PC of a senior engineer at LastPass, which registered all the key inputs.

The breach highlights the importance of always having a strong password on all your accounts. Never reuse passwords or have easy-to-guess passwords that hackers will love you for. If creating long, strong passwords is not your thing, you can always use one of the best password generators.

Judy Sanhz
Computing Writer
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.
Amazon wants to design in-house chips for Kindles, Fire TV, and Echo speakers
Apple did it first. Amazon is doing it now, starting with 40 million chips a year and a partner most people have never heard of.
Amazon Kindle Scribe dark mode featured image.

Apple's decision to design its own chips reshaped the consumer electronics industry. Amazon may be about to make the same call, just about two decades later.

Supply chain analyst Ming-Chi Kuo reports that Amazon is preparing to shift away from externally sourced processors for its consumer electronics lineup, marking what he describes as the company's first major processor procurement change in 20 years. The transition is expected to begin in 2027.

Read more
AI wants to summarize it all. TripAdvisor’s misleading reviews show AI will also ruin your travel plans
Spotless, friendly, and totally wrong. AI summaries are hiding the reviews that actually matter.
Tripadvisor logo on MacBook

Planning a trip is stressful enough without wondering if the glowing hotel summary you just read was written by an AI that skipped the scary parts. As it turns out, that might be exactly what's happening on TripAdvisor.

According to an investigation by consumer group Which?, reported by the Guardian, TripAdvisor's AI-generated review summaries are smoothing over serious guest complaints, and in some cases, downright dangerous ones.

Read more
Opera’s new Paste Protect feature stops the clipboard attack your antivirus can’t catch
ClickFix attacks trick you into compromising your own device, and no major browser had a native defense against them until now.
Opera Paste Protect featured

Most online scams are easy enough to spot once you know what to look for. Fake login pages, suspicious attachments, or urgent wire transfer requests are dead giveaways. But ClickFix doesn't look like any of them. It presents itself as a solution, and it asks you to do something so routine that few people think twice about it.

The technique was behind more than 53 percent of malware loader incidents last year, according to cybersecurity firm Huntress, and no major browser had a native defense against it until now. Opera is fixing that with a new feature called Paste Protect.

Read more