An unnamed plaintiff, known as John Doe, filed a class action lawsuit against online password management platform LastPass in U.S. District Court for the District of Massachusetts on behalf of other similarly situated plaintiffs.
Alleging that the LastPass data breach resulted in the theft of approximately $53,000 worth of Bitcoin, the plaintiff claims he began accumulating BTC in July 2022 and updated his master password to 12+ characters using a password generator as recommended by LastPass best practices , however, on or around Thanksgiving weekend in 2022, plaintiff’s bitcoins were stolen using his private key stored at defendant’s LastPass.
Previously, LastPass disclosed last December that an unauthorized party had gained access to a third-party cloud storage service, which LastPass used to store archived backups of its production data.