In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.
In addition to the information above, Whizkids has had recent reports of individuals who use LastPass and have had account hack attempts made against them. In at least one of these instances, an individual reported a password was obtained and a login attempt made. The hijacked password had been stored in LastPass and was over 30 random characters long. These reports are in corroboration of the above information, and while impossible to conclusively assert whether some LastPass vaults have successfully been cracked open by criminals, we highly advise anyone who uses LastPass to do the following:
- Change your Master Password immediately
- Change all passwords for all accounts stored in LastPass, prioritizing the most important ones first (for example, financial related)
- If any of those passwords were used in any other account that isn’t in LastPass, update those passwords as well
- Strongly consider moving to a different password management solution
Password breaches can have devastating consequences for anyone whose passwords have been obtained.
Read more details about what happened here: Experts Fear Crooks are Cracking Keys Stolen in LastPass Breach