This post began as a note on Slack, but given the length and subject matter, I decided a blog post would be more appropriate.
Brian Krebs did a fantastic job, as usual, in his Sept 5 article on cryptocurrency thefts that may be connected to the 2022 LastPass breach (or possibly breaches). To be clear, I write “may” because I have no involvement or first-hand information, but in my opinion the information Brian presents appears credible.
As you may recall, criminals allegedly (keeping my lawyer happy) stole copies of encrypted LastPass vaults. The question that has plagued us is how resistant those vaults are to offline cryptographic attacks. An answer seems to be emerging, and it’s probably not what LastPass users (or former LastPass users) hoped to hear.
In summary, there are indications that criminals may have been able to crack some LastPass vaults stolen in the LastPass breach and use that information to steal large sums of cryptocurrency. If vaults are indeed being compromised, here are a few of the implications:
- Any password that was stored in a LastPass vault, and has not been changed, could potentially be compromised.
- Any notes, recovery codes, backup codes, two-factor authentication bypass codes, etc., stored in LastPass notes could potentially be in the hands of criminals.
- More specific to Brian’s article, any cryptocurrency seeds or wallet recovery information stored in LastPass could potentially be compromised. If so, criminals could use this information to steal all cryptocurrency in the wallet.
At this point, it is difficult to tell how many encrypted LastPass vaults were stolen by criminals, how successful cracking efforts have been, or whether some LastPass configurations are more resistant than others. But it is unfortunately possible that criminals could possess a decrypted copy of everything that was contained in a compromised LastPass vault. Therefore, out of an abundance of caution, my advice remains the same: consider all information stored in LastPass prior to Feb 2023 potentially compromised.
The potential impact on individual accounts varies. For example, if you stored a Google password in LastPass and you use a Yubikey for Multi-Factor Authentication (MFA), the risk should be significantly mitigated (although I still recommend changing that password). But if you also stored Google recovery codes (used to bypass MFA) in your LastPass vault, and they are compromised, the recovery codes can be used instead of the Yubikey, resulting in the compromise of your Google account.
Similarly, if you have a cryptocurrency wallet and you stored the seed (or other recovery information) in LastPass, I suggest that you take immediate action to protect your wallet. I’m not a cryptocurrency expert, but my understanding is that the seed cannot be changed, and the best course of action is therefore to create a new secured wallet and transfer your cryptocurrency to it.
At the risk of stating the obvious, I no longer recommend LastPass. I have lost confidence in the company from both security design and operational security perspectives.
In addition to changing passwords and taking other actions to protect yourself in the event that your LastPass vault was stolen and compromised, you should avoid storing recovery and backup codes, etc., in any password manager. There is a growing trend for password managers to also offer to store MFA credentials, including TOTP (aka Google Authenticator, Authy, etc.), and that’s a terrible idea. Ideally, no single compromise should impact both your password and MFA credentials.
Please use MFA wherever possible. I recommend Google Authenticator or Authy on your mobile phone (not on your PC) and/or a pair of Yubikeys. That way, if your password manager (or desktop computer) is ever compromised, the risk of a criminal also gaining access to your MFA method is significantly reduced. Let’s make things as difficult as possible for criminals.