Data Breaches

LastPass Data Breach 2023: What Happened, Who Was Affected, and Steps to Protect Yourself

November 9, 2023
3 min

Details of the LastPass Data Breach

While the LastPass data breaches initially began in August of 2022, impact continues to make headlines. Most recently, information stolen from LastPass is being linked to mass cryptocurrency thefts totaling in the tens of millions.

The data breach incident(s) resulted in the potential leak of over 30 million customers’ credentials–and the extent of  damage is still being uncovered. Let’s remember how this happened:  Hackers used keylogging software to gain access to an employee’s home computer in August 2022, and were able to use the information they stole to access the LastPass vault. Then, in December 2022, another attack occurred that exacerbated the leak.

Initially, LastPass indicated that personal information of users had not been compromised. However, it was later discovered that the hackers had been successful in gaining access to unencrypted vault-stored data, including personally identifiable customer information linked to various accounts.

Extent and impact of the LastPass Data Breach on consumers

LastPass users before August 2022 are at risk of being impacted by the data breach. LastPass has informed customers of the incident, and updated their status page as new facets unfold.

To date, at least 30 million LastPass user identifiers were exposed to hackers.

What personal data was leaked and exposed in the breach?

Because hackers gained access to encryption keys, they were able to crack into protected credentials stored within the LastPass vault. In addition to customer passwords and end usernames, the following data may have also been compromised:

  • Full names
  • IP addresses
  • Billing information
  • Email addresses
  • Phone numbers
  • Secure notes
  • Autofill data

Here’s what to do if you were impacted

The data involved in the LastPass data breach poses a serious risk to personal accounts due to the nature of the LastPass product itself. Anyone impacted should act quickly to secure their Personally Identifiable Information and user credentials to prevent any further damage. 

  • Choose a new password manager to store credentials
  • Change all old passwords across all accounts
  • Make changes to usernames
  • Sign up for credit and identity theft monitoring services
  • Implement two-factor authentication across all devices
  • FollowLastPass data breach updates to stay apprised of new threats

Cloaked can offer you a secure password and identity manager that goes above and beyond in securing the information of every customer. Each person who creates an account receives their own personal encrypted database that only they can access. This means that your data would remain protected, even in the event of a data breach. In addition to this, you’re further protected due to the use of separate credentials for each merchant you interact with. So, if one company you have an account with is hacked, simply deleting the Cloaked identity is all that’s required. There is no risk of further data leakage. 

Click here to get started today.

Helpful Links and Other Resources

View all