3 months ago 1 min read

Loss of $53,000 Worth of Bitcoin As Result of LastPass

lastpass-john doe-graham cluley

It has filed a class action lawsuit against the password management provider LastPass as a result of a data breach in August 2022. On January 3, a plaintiff going by the name "John Doe" filed the class action with the U.S. District Court of Massachusetts on behalf of all parties who were in a comparable situation.

It asserts that LastPass suffered a data breach that resulted in the loss of Bitcoin worth roughly $53,000. The plaintiff claimed that he began amassing BTC in July 2022 and changed his master password to encompass more than 12 characters using a password generator in compliance with the LastPass "recommended practices."

When the complainant discovered that there had been a data breach, he immediately deleted his personal information from his customer vault. LastPass was compromised in August 2022, according to a statement from the company in December, and the attacker obtained encrypted passwords and other information.

Despite the content being quickly deleted, it looked that the plaintiff had gone too far.

Plaintiff erased his Private Information from his customer vault as soon as he became aware of the Data Breach. However, using the private keys he kept with the Defendant, Plaintiff's Bitcoin was taken on or around Thanksgiving weekend in 2022. A week after the theft occurred, the plaintiff called the police, reported it to them, and also reported it to the FBI via the Internet Crime Complaint Center ("IC3.gov"), but has not heard back from them.

Plaintiffs now face a greatly increased risk of future fraud and exploitation of their personal information, which might take years to manifest, uncover, and identify, according to the lawsuit.

The quantity of damages sought was not specified, but LastPass is accused of negligence, breach of contract, unjust enrichment, and breach of fiduciary obligation.

Furthermore, according to cybersecurity expert Graham Cluley, the unencrypted information stolen from password vaults includes user names, billing addresses, phone numbers, email addresses, IP addresses, and website URLs.

Great! You’ve successfully signed up.
Welcome back! You've successfully signed in.
You've successfully subscribed to Coin Aquarium.
Your link has expired.
Success! Check your email for magic link to sign-in.
Success! Your billing info has been updated.
Your billing was not updated.