LastPass Hackers Breach Company's Password Vault. Is Your Data At Risk? Further investigation into the first LastPass hacking incident, which occurred in 2022, revealed that the hackers obtained access to corporate files.

By Madeline Garfinkle Edited by Jessica Thomas

Opinions expressed by BIZ Experiences contributors are their own.

The password manager LastPass has announced new details about a hacking incident that occurred in August 2022.

At the time, LastPass said that although an "authorized party" gained entry to its system, no evidence was found that the hackers obtained user data. Now, evidence has emerged that the hackers appear to have gained access to an employee's home computer and infiltrated a "shared cloud-storage environment," which "initially made it difficult for investigators to differentiate between threat actor activity and ongoing legitimate activity."

Related: Apple to Roll Out First of Its Kind Technology to Protect Users from Hackers, Spyware

The hackers gained access to the employee's computer by installing a keylogger into the software to obtain the employee's password for the LastPass corporate vault. Once they were in the vault, they exported entries and shared folders that contained decryption keys needed to unlock cloud-based Amazon S3 buckets with customer vault backups.

LastPass announced key initiatives it is taking to address the "ongoing containment, eradication and recovery activities related to the second incident," including "hardening to security" of employees' resources and home networks.

Related: Hackers Steal $620 Million in Massive Gaming Crypto Heist

With so much of life requiring passwords for day-to-day functions — from email to apps — LastPass was founded to help individuals navigate all their passwords in one secure place.

Is your data at risk?

GoTo, LastPass' parent company, announced in January that it will inform individuals if their data has been breached and provide "actionable steps" to ensure greater security for their accounts.

Although it's still unclear how many users were affected by the hack, Kiplinger suggests it's better to be safe than sorry and take action immediately by changing important passwords, using websites like HaveIBeenPwned.com or even switching password managers.
Madeline Garfinkle

News Writer

Madeline Garfinkle is a News Writer at BIZ Experiences.com. She is a graduate from Syracuse University, and received an MFA from Columbia University. 

Want to be an BIZ Experiences Leadership Network contributor? Apply now to join.

Editor's Pick

Most Popular

See all
Starting a Business

These Brothers Started a Business to Improve an Everyday Task. They Made Their First Products in the Garage — Now They've Raised Over $100 Million.

Coulter and Trent Lewis had an early research breakthrough that helped them solve for the right problem.

By Amanda Breen
Business Ideas

70 Small Business Ideas to Start in 2025

We put together a list of the best, most profitable small business ideas for BIZ Experiencess to pursue in 2025.

By Eve Gumpel
Franchise

How to Prepare Your Business — And Yourself — For a Smooth Exit

After decades of building your business, turning it over to someone else can be emotional. But with the right mindset and a strong plan, it can also be your proudest moment.

By Ray Titus
Data & Recovery

We Found Four of the Top Alternatives to Dropbox That Don't Have Monthly Subscription Fees

All last for life, and not one of them is more than $200.

By BIZ Experiences Store
Franchise

10 No-Office-Required Businesses You Can Start for as Little as $5,000

With strong Franchise 500 rankings and investment levels starting under $5,000, these brands are ready for new owners to hit the ground running.

By Carl Stoffers
Business News

Here Are the 10 Jobs AI Is Most Likely to Automate, According to a Microsoft Study

These careers are most likely to be affected by generative AI, based on data from 200,000 conversations with Microsoft's Copilot chatbot.

By Sherin Shibu