Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

LastPass customer password vault backups exposed

Data Leak
First reported
Last updated
Happening score
H score 26
3 unique sources, 3 articles

Summary

Hide ▲

The 2022 LastPass data leak exposed backups of about 30 million customer password vaults, leaving more than 25 million users with a long-tail risk of offline cracking. The exposed vaults could be tested against weak master passwords without touching LastPass systems. That made the leak dangerous well beyond the original breach window because the stolen material could be abused over time.

Related Happenings

Vect ransomware flawed ChaCha20 implementation destroys large files

Technical Analysis
First: 29.04.2026 13:45 Last: 29.04.2026 13:45 Sources 1

About this happening: **Vect 2.0 ransomware** was shown to use **raw ChaCha20-IETF (RFC 8439)** without authentication, causing files above **128 KB** to be permanently destroyed across **Windows, Linu...

Open Happening

LastPass users phishing campaign using fake support threads

Campaign
First: 04.03.2026 22:44 Last: 04.03.2026 22:44 Sources 1

About this happening: A **phishing campaign** is targeting **LastPass users** with fake account-access alerts, putting **vault credentials** at risk. The lure uses spoofed support threads and urgent li...

Open Happening

Cloud password-manager zero-knowledge attack study exposes vault-recovery and integrity flaws

Technical Analysis
First: 16.02.2026 20:06 Last: 16.02.2026 20:06 Sources 1

About this happening: A new **password-manager security study** found **25 attack classes** against **Bitwarden**, **LastPass**, **Dashlane**, and **1Password**, undermining **zero-knowledge encryption...

Open Happening

Bitwarden LastPass Dashlane and 1Password vault compromise flaws security flaw

Vulnerability
First: 16.02.2026 19:15 Last: 16.02.2026 19:15 Sources 1

About this happening: **Bitwarden, LastPass, Dashlane and 1Password** were found to have **cloud password manager vulnerabilities** that could let an attacker **view, change, recover, or delete vault p...

Open Happening

ShinyHunters data-leak site exposing stolen attack data

Data Leak
First: 31.01.2026 17:02 Last: 31.01.2026 17:02 Sources 1

About this happening: The **ShinyHunters** extortion gang launched a **data-leak site**, beginning to publish data tied to the theft campaign and raising the exposure risk for victims.

Open Happening

Timeline

  1. 05.01.2026 11:30 3 articles · 4mo ago

    TRM Labs links LastPass vault exposure to multi-year crypto thefts

    Technical Analysis Update

    TRM Labs said the 2022 LastPass exposure of around 30 million customer password vault backups created a long-tail risk for more than 25 million users, allowing Russian cybercriminals to drain digital wallets over multiple waves. The firm traced about $28m stolen from 2024 to early 2025, another $7m in September 2025, and withdrawals continuing into October 2025, with funds routed through Cryptomixer.io, Cryptex, Wasabi Wallet, and Audi6.

    Show sources
    Open in new tab
  2. 11.12.2025 19:09 1 articles · 5mo ago

    ICO fines LastPass over 2022 customer data leak

    Victim Impact Update

    The UK Information Commissioner's Office fined LastPass £1.2 million after finding that an August 2022 breach led to theft of personal information, encrypted password vaults, and customer backup data for up to 1.6 million UK users, including company names, end-user names, billing addresses, email addresses, telephone numbers, website URLs, and IP addresses.

    Show sources
    Open in new tab