Data Breach
LastPass Data Breach
30.0M records exposed • August 2022
Hackers broke into a LastPass engineer's home computer and used that access to steal customer password vaults. While passwords were encrypted, the website names were not, revealing which sites people used.
What Happened
Attackers compromised a DevOps engineer's home computer to access LastPass cloud storage. They stole encrypted password vaults and unencrypted metadata, including website URLs.
Attack method: Targeted attack on a DevOps engineer's home computer
What Data Was Exposed
Encrypted password vaults, Account metadata, URLs, Unencrypted URLs
What to Do If You're Affected
1. Change your LastPass master password immediately
2. Consider migrating to a different password manager
3. Change passwords for high-value accounts
Lessons for Businesses
- Work from home expands attack surface
- Unencrypted metadata can be valuable to attackers
- Password managers need defense in depth