LastPass data breach led to $53K in Bitcoin stolen, lawsuit alleges

A class action lawsuit has been filed against password management service LastPass following a data breach from Aug. 2022.

The class action was filed with the U.S. district court of Massachusetts on Jan. 3, by an unnamed plaintiff known only as “John Doe” and on behalf of others similarly situated.

It alleges that the data breach of LastPass has resulted in the theft of around $53,000 worth of Bitcoin.

The plaintiff claimed he began accruing BTC in Jul. 2022 and updated his master password to more than 12 characters using a password generator, as recommended by the LastPass “best practices.”

This was done to enable the storage of private keys in the seemingly secure LastPass customer vault.

When news of the data breach broke, the plaintiff deleted his private information from his customer vault. LastPass was hacked in Aug. 2022, with the attacker stealing encrypted passwords and other data, according to a December statement from the company.

Despite the quick action to delete the data, it appeared to be too late for the plaintiff. The lawsuit read:

“However, on or around Thanksgiving weekend of 2022, Plaintiff’s Bitcoin was stolen using the private keys he stored with Defendant [LastPass].”

“The LastPass Data Breach has, through no fault of his own, exposed him to the theft of his Bitcoin and exposed him to continued risk,” it added.

The suit claims that victims have been put at increased substantial risk of future fraud and misuse of their private information, which may take years to manifest, discover, and detect.

LastPass is being accused of negligence, breach of contract, unjust enrichment, and breach of fiduciary duty, however, the figure sought in damages was not specified.

Related:‘Third-party incident’ impacted Gemini with 5.7 million emails leaked

According to cybersecurity researcher Graham Cluley, the stolen data includes unencrypted information including company names, user names, billing addresses, telephone numbers, email addresses, IP addresses, and website URLs from password vaults.

In December, LastPass admitted that if customers had weak Master Passwords, the attackers may be able to use brute force to guess this password, allowing them to decrypt the vaults.

All Dutch and English crypto news!

FTX legal team calls for Sam Bankman-Fried’s family to answer questions under oath: Report

Lawyers representing FTX in bankruptcy court have reportedly argued that former CEO Sam Bankman-Fried's immediate family should face questioning regarding their personal wealth. According to a...

Aave purchases 2.7M CRV to clear bad debt following failed Eisenberg attack

According to a new post on Jan. 26, Marc Zeller integrations lead at decentralized finance (DeFi) lending protocol Aave stated that the firm purchased 2.7...

US Justice Department seizes website of prolific ransomware gang Hive

Zhiyuan Sun 7 minutes ago The group is known to have targeted critical infrastructure, healthcare providers, and more over the past two years. 60 Total views Listen to article Breaking...

Bitcoin can still crack $50K if gold correlation continues — Chart

Bitcoin (BTC) could get sucked toward $50,000 like a magnet if it continues to follow gold, fresh analysis predicts. In a Twitter update on Jan. 26,...

Beste exchanges

Koop je crypto bij Bitvavo