A class action lawsuit has been filed against the password management service LastPass as a result of a data breach in August 2022.
The class action was filed on January 3 with the U.S. District Court of Massachusetts by a plaintiff known only as “John Doe” on behalf of all others in comparable circumstances.
It asserts that a LastPass data breach resulted in the theft of bitcoin worth about $53,000.
LastPass breach causes BTC theft
The plaintiff claimed he started amassing bitcoin in July 2022 and, in accordance with the LastPass “best practices,” updated his master password to include more than 12 characters using a password generator.
This was done to facilitate the storage of private keys in the ostensibly secure LastPass user vault.
As soon as the plaintiff became aware of the data breach, he deleted his personal information from his customer vault. LastPass was compromised in August 2022, according to a statement from the company in December, and the attacker stole encrypted passwords and other information.
“However, on or around Thanksgiving weekend of 2022, Plaintiff’s Bitcoin was stolen using the private keys he stored with Defendant [LastPass].” “The LastPass Data Breach has, through no fault of his own, exposed him to the theft of his Bitcoin and exposed him to continued risk.”
Lawsuit stated
According to the lawsuit, victims now face a significantly higher risk of future fraud and misuse of their personal information, which could take years to manifest, discover, and detect.
LastPass is accused of carelessness, breach of contract, unjust enrichment, and breach of fiduciary duty; however, the amount of damages sought was not stated.
Graham Cluley, a cybersecurity expert, claims that the unencrypted data stolen from password vaults includes company names, user names, billing addresses, phone numbers, email addresses, IP addresses, and website URLs.
In December, the password manager acknowledged that if users had weak Master Passwords, attackers might be able to decrypt vaults using brute force to try and guess the weak password.