Data Breach of LastPass Leads to $53,000 in Bitcoin Losses, Class Action Lawsuit Filed
• A class action lawsuit was filed against password management service LastPass in the United States district court of Massachusetts on Jan. 3.
• The lawsuit alleges that the data breach of LastPass resulted in the theft of around $53,000 worth of Bitcoin.
• The plaintiff claimed he began accruing BTC in July 2022 and updated his master password to more than 12 characters using a password generator, as recommended by the LastPass “best practices.”
A class action lawsuit has been filed against LastPass, a popular password management service, for a data breach that occurred in August 2022. The lawsuit was filed in the United States district court of Massachusetts on Jan. 3 and alleges that the data breach resulted in the theft of around $53,000 worth of Bitcoin.
The plaintiff in the lawsuit, known only as “John Doe”, claims that he began accruing Bitcoin in July 2022 and updated his master password to more than 12 characters using a password generator, as recommended by the LastPass “best practices” in order to store his private keys in the seemingly secure customer vault.
However, when news of the data breach broke, the plaintiff quickly deleted his private information from his customer vault. LastPass confirmed the breach in December, with an attacker stealing encrypted passwords and other data. Unfortunately, it was too late for the plaintiff, as his Bitcoin was stolen using the private keys he stored with the company.
The lawsuit is seeking damages from LastPass for the data breach, including compensation for the stolen Bitcoin. The lawsuit also seeks to hold LastPass accountable for failing to protect user data and for notifying customers of the breach in a timely manner.
The lawsuit is a reminder of the importance of taking security seriously, especially when dealing with sensitive information like passwords and financial accounts. It also highlights the importance of using secure passwords and two-factor authentication. LastPass has since updated its security measures in order to better protect user data and avoid future data breaches.