Security News > 2023 > October > LastPass breach linked to theft of $4.4 million in crypto
Hackers have stolen $4.4 million in cryptocurrency on October 25th using private keys and passphrases stored in stolen LastPass databases, according to research by crypto fraud researchers who have been researching similar incidents.
According to a tweet by ZachXBT on X, the threat actors stole $4.4 million from 25+ victims due to a LastPass breach in 2022.
In 2022, LastPass suffered two breaches that ultimately allowed threat actors to steal source code, customer data, and production backups stored in cloud services that included encrypted password vaults.
At the time, LastPass CEO Karim Toubba said that while the encrypted vaults were stolen, only customers knew the master password required to decrypt them.
"Depending on the length and complexity of your master password and iteration count setting, you may want to reset your master password," reads a LastPass support bulletin about the cyberattack.
If you are a LastPass user who had an account during the August and December 2022 breaches, it is strongly suggested that you reset all of your passwords, including your password.