LastPass: Difference between revisions
→2022 Data Breach: added info on the aftermath of the 2022 data breach |
m →Stolen Crypto: added trm link |
||
| Line 32: | Line 32: | ||
====Stolen Crypto==== | ====Stolen Crypto==== | ||
Also in December 2025, TRM reported that their analysts had been able to: <blockquote>"trace the stolen funds through mixers and ultimately to two high-risk Russian exchanges frequently used by cybercriminals as fiat off-ramps — with one of them receiving LastPass-linked funds as recently as October."</blockquote> This was reportedly the result of analyzing clusters of wallet drains that occurred after the breach, with waves of them surfacing as late as 2024 and 2025.<ref>{{Cite web |author=TRM Team |title=TRM Traces Stolen Crypto from 2022 LastPass Breach — On-chain Indicators Suggest Russian Cybercriminal Involvement |date=24 Dec 2025 |url=https://www.trmlabs.com/resources/blog/trm-traces-stolen-crypto-from-2022-lastpass-breach-on-chain-indicators-suggest-russian-cybercriminal-involvement |url-status=live |website=trmlabs.com |archive-url=https://web.archive.org/web/20260604104239/https://www.trmlabs.com/resources/blog/trm-traces-stolen-crypto-from-2022-lastpass-breach-on-chain-indicators-suggest-russian-cybercriminal-involvement |archive-date=4 Jun 2026 |access-date=23 Jun 2026}}</ref><ref>{{Cite web |title=Stolen LastPass backups enable crypto theft through 2025 |date=28 Dec 2025 |first=Pierluigi |last=Paganini |url=https://securityaffairs.com/186191/digital-id/stolen-lastpass-backups-enable-crypto-theft-through-2025.html |url-status=live |website=securityaffairs.com |archive-url=https://web.archive.org/web/20260611133236/https://securityaffairs.com/186191/digital-id/stolen-lastpass-backups-enable-crypto-theft-through-2025.html |archive-date=11 Jun 2026 |access-date=23 Jun 2026}}</ref> | Also in December 2025, [https://www.trmlabs.com/ TRM] reported that their analysts had been able to: <blockquote>"trace the stolen funds through mixers and ultimately to two high-risk Russian exchanges frequently used by cybercriminals as fiat off-ramps — with one of them receiving LastPass-linked funds as recently as October."</blockquote> This was reportedly the result of 
analyzing clusters of wallet drains that occurred after the breach, with waves of them surfacing as late as 2024 and 2025.<ref>{{Cite web |author=TRM Team |title=TRM Traces Stolen Crypto from 2022 LastPass Breach — On-chain Indicators Suggest Russian Cybercriminal Involvement |date=24 Dec 2025 |url=https://www.trmlabs.com/resources/blog/trm-traces-stolen-crypto-from-2022-lastpass-breach-on-chain-indicators-suggest-russian-cybercriminal-involvement |url-status=live |website=trmlabs.com |archive-url=https://web.archive.org/web/20260604104239/https://www.trmlabs.com/resources/blog/trm-traces-stolen-crypto-from-2022-lastpass-breach-on-chain-indicators-suggest-russian-cybercriminal-involvement |archive-date=4 Jun 2026 |access-date=23 Jun 2026}}</ref><ref>{{Cite web |title=Stolen LastPass backups enable crypto theft through 2025 |date=28 Dec 2025 |first=Pierluigi |last=Paganini |url=https://securityaffairs.com/186191/digital-id/stolen-lastpass-backups-enable-crypto-theft-through-2025.html |url-status=live |website=securityaffairs.com |archive-url=https://web.archive.org/web/20260611133236/https://securityaffairs.com/186191/digital-id/stolen-lastpass-backups-enable-crypto-theft-through-2025.html |archive-date=11 Jun 2026 |access-date=23 Jun 2026}}</ref> | ||
==='create backup' Phishing Campaign (2026)=== | ==='create backup' Phishing Campaign (2026)=== | ||
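Review bot: In the Stolen Crypto paragraph, the new-revision side introduces `[https://www.trmlabs.com/ TRM]`, a bare external link to a vendor homepage in running text, although the same site is already cited in the first reference of that sentence. Consider dropping the inline link, or keeping it and saying on first mention who TRM is, since the abbreviation is never expanded anywhere in the section. The edit summary marks this as minor ("m") even though it changes what readers can click through to from the article body.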
Revision as of 06:11, 23 June 2026
| Basic Information | |
|---|---|
| Release Year | 2008 |
| Product Type | Password Managers, Browser extension, Software, Security |
| In Production | |
| Official Website | https://www.lastpass.com/ |
LastPass is a password manager application that allows users to store passwords and notes securely using one master password. It was launched in 2008 and was one of the first widely adopted password managers.
In 2015, LastPass was acquired by GoTo (formerly LogMeIn Inc) for $110 million. LastPass was later spun off into its own company, being acquired by private equity firms Francisco Partners and Elliott Management in 2024.[1]
Consumer-impact summary
LastPass, being a password manager, stores and transmits highly sensitive information (passwords and secure notes). LastPass relies on its users trusting it to handle this information safely and keep it accessible.
Use of a subscription service for more device types allows LastPass to restrict where users can view their passwords.
LastPass has suffered a number of security incidents over the years, the most severe being the 2022 data breach, which exposed encrypted customer passwords and secret notes. Despite the most sensitive information being encrypted, the vault can be decrypted and was allegedly used in the theft of $35 million in cryptocurrency from 150 victims. In 2025, an even larger theft of $150 million was traced back to the data breach.[2]
Incidents
Free Tier Device Type Restrictions (2021)
On February 16, 2021, LastPass changed its free tier to restrict users to only one device type. After March 16, 2021, a user who was using LastPass on their computer would not be able to view their LastPass vault on mobile without paying for premium. These restrictions locked a large number of LastPass's users out of their passwords.[3]
2022 Data Breach
In August 2022 and November 2022, LastPass suffered a data breach involving a backup copy of a customer database and customer password vaults. The attackers used a compromised developer account to access source code which contained credentials to the aforementioned backup database. The stolen data included encrypted usernames, passwords and secure notes. It was also discovered that URLs, IP addresses, phone numbers and some emails were unencrypted.[4]
Aftermath
ICO Fine
In December 2025, the ICO announced that it had fined LastPass UK Ltd £1.2 million based on its findings following the data breach. It concluded that:
"LastPass failed to implement sufficiently robust technical and security measures, which ultimately enabled a hacker to gain unauthorised access to its backup database."
But also that:
"there is no evidence that hackers were able to unencrypt customer passwords as these are stored locally on customer devices and not by LastPass."
Stolen Crypto
Also in December 2025, TRM reported that their analysts had been able to:
"trace the stolen funds through mixers and ultimately to two high-risk Russian exchanges frequently used by cybercriminals as fiat off-ramps — with one of them receiving LastPass-linked funds as recently as October."
This was reportedly the result of analyzing clusters of wallet drains that occurred after the breach, with waves of them surfacing as late as 2024 and 2025.[6][7]
'create backup' Phishing Campaign (2026)
On or around January 19th, 2026, phishing emails were sent out from multiple email and IP addresses. The emails claimed that maintenance was to be conducted and that LastPass users needed to back up their vaults within 24 hours. They also contained links that took users to a website where they could perform vault "backups." LastPass seems to have detected this relatively quickly, as a threat intel blog post was already published on their website by January 20th.[8][9]
See also
References
- ↑ "LastPass Completes Journey to Become an Independent Company with Enhanced Cybersecurity Focus and Executive Leadership Team". LastPass Newsroom. 2024-05-01. Archived from the original on 11 Feb 2026. Retrieved 2025-11-02.
- ↑ "Feds Link $150 Million CyberHeist to 2022 LastPass Hacks". KrebsonSecurity. 2025-03-07. Archived from the original on 21 Feb 2026. Retrieved 2025-11-02.
- ↑ "Changes to LastPass free tier". LastPass Blog. 2021-02-16. Archived from the original on 17 Feb 2026. Retrieved 2025-11-02.
- ↑ Learning Center (2025-06-13). "What did the lastpass breach reveal about password manager security?". SecurityScorecard. Archived from the original on 8 Jan 2026. Retrieved 2025-11-02.
- ↑ ICO (11 Dec 2025). "Password manager provider fined £1.2m by ICO for data breach". ico.org.uk. Archived from the original on 13 Jun 2026. Retrieved 23 Jun 2026.
- ↑ TRM Team (24 Dec 2025). "TRM Traces Stolen Crypto from 2022 LastPass Breach — On-chain Indicators Suggest Russian Cybercriminal Involvement". trmlabs.com. Archived from the original on 4 Jun 2026. Retrieved 23 Jun 2026.
- ↑ Paganini, Pierluigi (28 Dec 2025). "Stolen LastPass backups enable crypto theft through 2025". securityaffairs.com. Archived from the original on 11 Jun 2026. Retrieved 23 Jun 2026.
- ↑ Threat Intelligence, Mitigation, and Escalation (TIME) team (20 Jan 2026). "New Phishing Campaign Targeting LastPass Customers". blog.lastpass.com. Archived from the original on 12 Feb 2026. Retrieved 23 Jun 2026.
- ↑ Constantinescu, Vlad (22 Jan 2026). "LastPass 'create backup' email is a phishing scam targeting your master password". bitdefender.com. Archived from the original on 17 Feb 2026. Retrieved 23 Jun 2026.