The massive LastPass hack from 2022 is still haunting us

Digital Trends

Just when you thought the LastPass breach of 2022 was over, we’re still learning how damaging the hack was. According to blockchain expert ZachXBT, as spotted by The Block, $5.36 million was stolen from 40 users in a string of attacks. This is on top of the $4.4 million stolen in October 2023 and the $6.2 million stolen earlier this year, in February 2024.

The original hack goes back to 2022, when hackers claimed to have accessed LastPass’ data, which contained API tokens, customer keys, multifactor authentication (MFA) seeds, and encrypted password vaults. Although no official information explains how the breach happened, it’s possible that the hacker responsible gained access to information that aided the breach. The hackers got in despite the password vaults being encrypted because users reused weak or previously leaked combinations. That access, combined with the users’ weak or reused passwords, led to the various accounts being compromised.

“Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately,” ZachXBT wrote in an X post last year.

Only time will tell if this string of attacks continues, which makes you wonder if LastPass is safe. But how did the original breach happen? LastPass revealed that the hackers stole the app’s source code. In a subsequent attack, the hackers merged the stolen data with information discovered in another data breach.

The hackers then exploited a weakness in a remote-access app that LastPass employees used. This allowed the hacker to install a keylogger on the PC of a senior engineer at LastPass, which recorded every keystroke.

The breach highlights the importance of always having a strong password on every account. Never reuse passwords, and never use easy-to-guess ones that hackers will love you for. If creating long, strong passwords is not your thing, you can always use one of the best password generators.

Judy Sanhz
Judy Sanhz is a Digital Trends computing writer covering all computing news. Loves all operating systems and devices.