
‘Stronger-than-typical’? Lawsuit blasts LastPass data breach notice

In sum, the lawsuit claims the information exposed by LastPass is “extremely valuable” and could be used to “wreak financial havoc” on the lives of victims. Moreover, the exposure of customers’ billing addresses, i.e., their home addresses, puts them at an “especially high risk” of ransom threats and blackmail attempts by cybercriminals attempting to gain access to their accounts, the case alleges. The lawsuit further stresses that the exposure of the unencrypted website URLs in customers’ vaults could allow cybercriminals to target specific vaults that they believe to be high value, such as those belonging to users who have purchased cryptocurrency.

The exposure of customer vault data is significant, the suit says, because each customer’s vault, which contains website usernames and passwords, secure notes, form-filled data and other sensitive (and possibly unencrypted) information, can be accessed with one master password.

As one security researcher put it, “[T]he only thing preventing the threat actors from decrypting your data is your master password. If they are able to guess it, the game is over.”

What information was exposed during the LastPass data breach?

According to the lawsuit, LastPass customers’ names, end-user names, billing addresses, email addresses, phone numbers, IP addresses and vault data may have been compromised during the breach.

“While the exact reason(s) for the Data Breach remain unclear, there is no doubt that Defendant failed to adequately protect Plaintiff’s and Class members’ Private Information and incorporate the tools necessary to keep such Private Information safe; such negligent failures resulted in the injuries alleged herein,” the complaint states.

The lawsuit claims LastPass data breach victims, the total number of which may reach into the millions given the company’s 30-million-strong user base, now face a heightened risk of identity theft and fraud, and even a threat to their physical safety given their home addresses and the types of accounts they own may have been exposed.

To make matters worse, the case claims LastPass’ response to the breach was just as lackluster, with the company apparently waiting months to notify victims and “shameless[ly]” attempting to shift the blame for any negative consequences onto users.

