LastPass attacker stole password vault data, showing Web2’s limitations By Cointelegraph

Password management service LastPass was hacked in August 2022, and the attacker stole users’ encrypted passwords, according to a Dec. 23 statement from the company. This means that the attacker may be able to crack some website passwords of LastPass users through brute force guessing.

LastPass first disclosed the breach in August 2022 but at that time, it appeared that the attacker had only obtained source code and technical information, not any customer data. However, the company has investigated and discovered that the attacker used this technical information to attack another employee’s device, which was then used to obtain keys to customer data stored in a cloud storage system.

An example of a crypto wallet login page. Source: Blockscan Chat