Carding 4 Carders
Professional
- Messages
- 2,729
- Reaction score
- 1,521
- Points
- 113
The popular password manager "planted a pig" to its users.
Over the past few days, discussions have intensified about a serious cybersecurity incident involving the compromise of user data from the LastPass password manager. Researchers of cryptocurrency fraud revealed the theft of cryptoassets worth $4.4 million, carried out on October 25. According to them, the criminals used private keys and passphrases stolen from LastPass databases.
ZachXBT researcher (hereinafter referred to as "Zack") and MetaMask developer Taylor Monahan tracked a series of similar thefts. Zack said: "We regularly receive messages from people who have lost their crypto assets. We also independently reach out to victims that we find on the blockchain."
In the course of the study, a common factor for all victims was the use of LastPass. In 2022, the service experienced two significant security breaches (in August and December), during which attackers gained access to the source code, customer data, and backups stored in cloud services, including encrypted password stores.
Initially, it was assumed that the encrypted storages remained inaccessible to hackers, since they require a master password known only to the user to decrypt them. However, given recent events, it is clear that attackers managed to break into some of the vaults.
According to the study, criminals use hacked data to access victims ' crypto wallets and then withdraw funds. Monahan noted back in August: "At this stage, I am sure that in most cases the keys were stolen from LastPass. The number of victims who stored specific key groups exclusively in LastPass is too high to ignore."
In light of the new data, LastPass users, especially those who used the service during the incidents in August and December 2022, are strongly encouraged to change all their passwords, including the master password, to prevent possible financial losses.
Over the past few days, discussions have intensified about a serious cybersecurity incident involving the compromise of user data from the LastPass password manager. Researchers of cryptocurrency fraud revealed the theft of cryptoassets worth $4.4 million, carried out on October 25. According to them, the criminals used private keys and passphrases stolen from LastPass databases.
ZachXBT researcher (hereinafter referred to as "Zack") and MetaMask developer Taylor Monahan tracked a series of similar thefts. Zack said: "We regularly receive messages from people who have lost their crypto assets. We also independently reach out to victims that we find on the blockchain."
In the course of the study, a common factor for all victims was the use of LastPass. In 2022, the service experienced two significant security breaches (in August and December), during which attackers gained access to the source code, customer data, and backups stored in cloud services, including encrypted password stores.
Initially, it was assumed that the encrypted storages remained inaccessible to hackers, since they require a master password known only to the user to decrypt them. However, given recent events, it is clear that attackers managed to break into some of the vaults.
According to the study, criminals use hacked data to access victims ' crypto wallets and then withdraw funds. Monahan noted back in August: "At this stage, I am sure that in most cases the keys were stolen from LastPass. The number of victims who stored specific key groups exclusively in LastPass is too high to ignore."
In light of the new data, LastPass users, especially those who used the service during the incidents in August and December 2022, are strongly encouraged to change all their passwords, including the master password, to prevent possible financial losses.
