LastPass hack again led to the theft of approximately $4.4 million, and users need to be wary of the risks

According to monitoring by on-chain detective ZachXBT, on October 25 (Wednesday) alone, the LastPass hacking attack resulted in the theft of approximately $4.4 million from more than 25 victims. If users believe they may have stored a mnemonic phrase or key in LastPass, please transfer crypto assets immediately. According to previous news in December 2022, password management platform LastPass stated that an unknown hacker used information obtained from an incident they previously disclosed in August 2022 to access a cloud-based storage environment, and some source code and technical information were stolen. , and was used to attack another employee to obtain credentials and keys used to access and decrypt certain storage in a cloud-based storage service. . LastPass has determined that once the hackers obtained the cloud storage access key and dual storage container decryption key, they copied information from the backup, which contained customer account information and related metadata such as company name, end user name, billing address, customer The email address, phone number and IP address used to access the LastPass service. Additionally, hackers were able to copy backups of customer vault data from encrypted storage containers. Hackers may attempt to use brute force to guess a user's master password and decrypt the copy of the vault data they obtain, and may also conduct phishing attacks against online accounts associated with LastPass vaults.