Premium
This is an archive article published on January 7, 2023

LastPass password manager faces class-action lawsuit over recent breach

Filed this week anonymously in the US district court in Massachusetts, the lawsuit demands that LastPass pay up in consumer damages.

google-preferred-btn
LastPass_NEW1_LEAD(Image credit: Shruti Dhapola/Indian Express)
Listen to this article
LastPass password manager faces class-action lawsuit over recent breach
x
00:00
1x 1.5x 1.8x

LastPass, which has over 33 million registered users, is now facing a class action lawsuit for failing to prevent a major breach last year. While the password manager app seemed to initially downplay the extent of the breach, LastPass in December last year revealed that the breach potentially exposed the data of 25 million users.

Filed this week anonymously in the US district court in Massachusetts, the lawsuit alleges that the time between the incident and this disclosure gave bad actors the chance to use the stolen data to their full advantage. It also demands the company pay in damages, although the figure sought is not known at the moment.

“By accessing Plaintiff’s and Class members’ Private Information, hackers can simply unlock the stolen vaults using the victims’ respective master passwords, which were likely stored by LastPass and ultimately accessed by the bad actors and wreak financial havoc on the lives of LastPass users like Plaintiff,” reads the lawsuit where the plaintiff is only named as “John Doe.”

Story continues below this ad

The company in its most recent report about the incident had suggested that the hackers can’t access the stolen password vaults since they’d need the master keys for that. But the lawsuit points out that the hackers were still able to copy sensitive information like names, end-user names, billing addresses, email addresses, telephone numbers, IP addresses, which could be used to scam concerned users.

“Not only has this statement not been verified through discovery, but it is also a shameless attempt by LastPass to shift the blame of the Data Breach’s resulting negative impact on Plaintiff and Class members,” the lawsuit argues.

The part about LastPass shifting the blame is in reference to the password manager saying in its statement that “it would be extremely difficult to attempt to brute force guess master passwords for those customers who follow our password best practices.”

Aside from paying up in consumer damages, the class-action lawsuit is also demanding that the court force LastPass implement better security measures.

© IE Online Media Services Pvt Ltd
Latest Comment
Post Comment
Read Comments
Advertisement
Top Stories
Maharashtra CM Devendra Fadnavis (left) has ordered a probe into the alleged undervalued sale of 40 acres of Pune land to Parth Pawar’s firm, the son of Dy CM Ajit Pawar (centre).
CitiesFadnavis orders probe into deal linked to Ajit Pawar’s son
How Lagaan, Gadar, Dil Chahta Hai changed Hindi film industry.
Entertainment25 years of Indian cinema: With Lagaan, Gadar, Dil Chahta Hai, 2001 changed our films
Indian techie’s parents’ reaction to his first salary
TrendingIndian techie’s parents’ reaction to his first salary wins internet’s hearts: ‘This is a lot of money’
T20 World Cup 2026: Narendra Modi Stadium in Ahmedabad is shortlisted to host the final.
SportsT20 World Cup 2026: Narendra Modi stadium in Ahmedabad shortlisted to host final
Zohran Mamdani is the new mayor of New York City.
OpinionIn New York, Zohran Mamdani crafted a campaign that went beyond identity -- that's how he won
Live Blog
Loading Taboola...
Advertisement