According to Bleeping Computer, crypto fraud researchers at ZachXBT, and MetaMask developer Taylor Monahan have reported that on October 25, 2023, “hackers have stolen $4.4 million in cryptocurrency using private keys and passphrases stored in stolen LastPass databases.”
According to a post by ZachXBT, “Just on October 25, 2023, alone another~$4.4M was drained from 25+ victims as a result of the LastPass hack. Cannot stress this enough, if you believe you may have ever stored your seed phrase or keys in LastPass migrate your crypto assets immediately.”
Following the two incidents involving the theft of source code and customer data from LastPass in 2022, LastPass recommended that all users implement its password best practices [Privacy Tip #287 – Double Down on Passwords] and to reset master passwords if those passwords were weak.
According to Wired, “if you are a LastPass user who had an account during the August and December 2022 breaches, it is strongly suggested that you reset all of your passwords.”