A class-action lawsuit has been filed against LastPass, a popular password management company, by a former customer claiming that the company failed to adequately protect their data, resulting in a hacker allegedly stealing $53,000 in Bitcoin. LastPass has acknowledged two security breaches in August and November of last year, but they emphasize that no customer data or encrypted password vaults were accessed in the August breach and that users' passwords remained safely encrypted in the November breach. LastPass CEO Karim Toubba has also acknowledged that a "threat actor" copied a backup of customer vault data in December, but maintained that the data still remains secure.
The lawsuit is demanding that LastPass disclose all of the types of private information that were compromised during the breach, and to pay compensatory damages and restitution. It is currently unclear how the lawsuit will proceed. It is important to note that LastPass has taken steps to protect their customers and that the data is still secure, however the lawsuit serves as a reminder of the potential risks of using online services and the need for users to take additional steps to protect their data.