
A data breach can have long-term consequences, and the LastPass case is a prime example. Ultimately, the attack on the password manager resulted in the theft of more than $100 million in cryptocurrency from the personal accounts of the Ripple co-founder, according to official U.S. law enforcement sources.
The investigation revealed that the stolen funds were laundered through major cryptocurrency exchanges, including Binance. The hackers gained access to the victims’ private keys stored on LastPass; analysts at ZachXBT claim that the breach was caused by the password manager being used to store sensitive data. In total, more than $100 million in XRP cryptocurrency was stolen, of which law enforcement was able to freeze only $24 million. Only recently did investigators obtain permission to formally seize these assets. According to the Security Alliance, the total losses associated with the LastPass hack already exceed $250 million.
LastPass suffered a major breach in 2022. The attackers gained access to a cloud storage service holding backups of the company's data. Although the company claimed that the stored passwords were encrypted, the hackers were able to access customer metadata (names, email addresses, IP addresses, and other sensitive information). This allowed the attackers to launch further attacks on specific users.
This incident once again highlights the risks of storing sensitive data in cloud services. While using a password manager can increase security, it is important not to store private keys and other sensitive information there. It is also important to use multi-factor authentication and change passwords regularly.