The bad news just keeps on coming for LastPass, as the once-popular password manager now faces a class action lawsuit over its recent security breach.
Passwords remain one of the best ways to ensure your data is safe online. Sure, the outdated security measure is being replaced by passwordless features from tech giants like Google, Apple, Microsoft and, yes, even LastPass, but most experts agree that using a password manager is the safest way to follow best practices.
Unfortunately, LastPass isn't doing much to bolster that belief, as it's experienced multiple breaches in the last few months, inspiring little confidence that password managers can keep you safe online.
LastPass Faces Class Action Lawsuit for Negligence
A class action lawsuit was filed against LastPass in Massachusetts by an anonymous LastPass user, dubbed John Doe in the paperwork, who has used the service since 2016. The lawsuit is suing LastPass for negligence, breach of contract, and deceptive acts.
“Plaintiff and the Class are anxious and alert as they are at a substantial risk of being bombarded with phishing emails and other scams, in addition to the fraud they have already suffered.” – the lawsuit from John Doe
LastPass has been insistent that, while the scope of the breach was vast, its 30 million users are still relatively safe, as the hackers did not gain access to master passwords. Subsequently, they won't be able to access the actual passwords stored in the vaults.
However, hackers did have access to a lot of unencrypted data, including company names, usernames, billing addresses, phone numbers, email addresses, and IP addresses. This kind of stolen data is often used to propagate phishing scams and other nefarious online behavior, which is why the plaintiff is so concerned about their online safety.
Even worse, passwords are getting easier to guess by the hour, with advanced hacking algorithms making short work of even the strongest password. All that to say, the LastPass breach is far more serious than the company wants you to realize.
Are Password Managers Safe?
We have to admit, these LastPass breaches don't make password managers look very good, but the reality is that they remain one of the best ways to shore up your online security. Even amidst this massive breach, passwords are indeed still protected, even if all that other information is out there.
In addition to keeping your passwords secure, these services can check for compromised passwords, recommend stronger passwords, and even manage passwordless logins in some instances. Suffice it to say, password managers are a lot easier than trying to remember 100 passwords with dozens of letters, numbers, and special characters.
Where LastPass went wrong was keeping information from users. The breach occurred in August and the company didn't inform users until days before Christmas when they were distracted with holiday shopping and frigid temperatures. Don't let LastPass' failings turn you off from the best password managers, as they could help you keep your passwords safe from hackers in a pinch.