Lastpass Data Breach Raises Alarms, Some Claim Incident May Be Worse Than Reported –


Experts in cybersecurity, software programming and fintech have been discussing the topic after two days ago when Lastpass revealed that hackers had gained access to their accounts by breaching security earlier in the year. The company said that an “unknown threat actor” had accessed the cloud-based storage environment and was also able to copy a backup copy of customer vault data.

Lastpass Report Indicates a “Threat Actor” Was Able To Copy Backup Data

On December 22, 2022, Lastpass revealed that an “unknown threat actor” had compromised their cloud-based storage environment in August 2022. Following the news, a topical discussion has been taking place across social media and forums as this is a popular method to reach out to large groups of people. Some believe that the situation “may be worse than what they are letting on.”

Lastpass claims that encryption data is protected with 256-bit AES encryption and that only the master password of each user can decrypt the information. Lastpass does not store or maintain the master password and is not able to access it.

The proprietary binary format also contained sensitive fields and unencrypted information, such as URLs to websites. Usernames will be fully encrypted, passwords, secure notes and data entered in forms are also protected.

Lastpass Security Guarantee Not Convincing to Critics

Despite this assurance, a variety of reports indicate that the situation is far worse than Lastpass is letting on. Andrew Heinzman, writing for, states that “you should stop using Lastpass.” He goes on to say that even with a strong master password, there is still a chance of hackers stealing some information. Udi Wertheimer, a crypto supporter, also warned that “the attackers probably have a copy of your vault.” Both Heinzman and Wertheimer advise that users stop using Lastpass.

A Twitter user claiming to be an engineer for the company seven-years ago also said that Lastpass’s noncompliance is a big problem. “This is the worst breach Lastpass has ever had, by far,” they said. “The key difference is that this time client vaults were accessed, which are kept in a completely separate database.”

Tags In this story

AES 256-bit encryption, Andrew HeinzmanCryptoFormer engineer

Related articles

Recent articles