In a troubling development for LastPass users, hackers have reportedly siphoned $5.36 million from the platform just days ahead of Christmas, compounding ongoing security concerns stemming from a data breach last December. The breach allowed malicious actors to access a backup of customer vault data that included sensitive information.
This recent theft adds to a grim tally that now exceeds $45 million, including a previous incident in October that resulted in $4.4 million in losses. The latest attack saw the stolen assets converted to Ether (ETH) and swiftly moved to various instant exchanges, drawing attention from blockchain analysts and cybersecurity experts.
In light of these breaches, experts warn that any private keys and seed phrases stored in LastPass prior to 2023 remain vulnerable. Security professionals are urging former LastPass users to transfer their assets to safer platforms to mitigate risks associated with further thefts.
The timing of these attacks is particularly concerning as the festive season has become known as “hacker season.” An increase in scams has been reported during this period, with cybersecurity firms warning consumers to remain vigilant against fraudulent activities, especially as they engage in holiday shopping. Users are advised to be cautious with their personal information and avoid public Wi-Fi networks, as hackers often take advantage of seasonal distractions to execute their schemes.
Additionally, platforms like Meta have sounded alarms over holiday-themed scams, identifying various misleading promotions aimed at holiday shoppers. The scams highlight a resurgence in cybercriminal activity as the holiday season approaches, prompting users to be extra cautious, especially when it comes to cryptocurrency exchanges and transactions. As phishing attempts surged in November, this year’s holiday season poses a significant risk for unsuspecting individuals.
