LastPass Data Breach

In August of 2022, LastPass landed in the hot seat as they reported to their customers that there had been unusual activity within LastPass. They assured customers that no data within their vault or their user's vaults was compromised, nor was any personal information. Contrary to their report, a data breach did occur. Data breaches will become more common in 2023, making your security a higher priority than ever.


On December 22, 2022, LastPass confirmed that hackers obtained customer information, including company names, end-user names, billing addresses, email addresses, telephone numbers, and IP addresses. Hackers also accessed a copy of customer vault data, though encrypted, still considered to be dangerous in the wrong hands.

LastPass attempted to reassure its users that the compromised information was encrypted, posing less risk. A master password (reportedly not stored by LastPass) is required to decrypt data. Still, brute force (i.e., guessing passwords) efforts could give hackers access to that encrypted information, depending on the strength of the original user's master password.


Weeks later, a class-action lawsuit was filed by an unnamed plaintiff to recoup losses due to the security breach that allegedly caused the user to lose $53,000 in Bitcoin. This story is far from over, but here are two major lessons that we can take away from this event:

  1. Cloud-based storage comes with risks. Know your alternatives.
  2. Average, repetitive passwords are extremely dangerous


Cloud-based password managers lack the security you need. Consider the best option of local, encrypted password storage directly to your device. IDSeal Pro-Tec, our proprietary device protection suite, allows you to store all your passwords in a locally encrypted vault.

This storage method is superior to password managers like LastPass or 1Password, which store them in the cloud. Both cloud and local-based password managers require a “master password” to decrypt information. In contrast, IDSeal Pro-Tec doesn’t store the encrypted vault data on servers that can be accessed by hackers. Hackers could only access a user’s encrypted password vault by first accessing and overtaking the user’s device, then by brute force guessing the master password to decrypt the data.


Finally, it’s important to stress that the weak passwords of yesteryear are no longer good enough. Update your passwords to be difficult and use these guidelines to help you:

  • Use a combination of uppercase and lowercase letters, numbers, and special characters
  • Longer passwords are stronger; use at least 12 characters
  • Use unique passwords for each account; a password manager makes this simple!
  • Avoid using memorable or common keyboard paths (sorry, 123456 and qwerty are out!)
  • Skip using any personal information

Combine these tips with IDSeal Pro-Tec, and you will have the best available protection on the market! Go to our Protection and Plans page to pick the best plan for you.

1It is not possible to prevent all identity theft or cybercrime, or to effectively monitor all activity on the internet. IDSeal cannot and does not guarantee complete protection against cybercrime or identity theft. IDSeal does not monitor the activities of all financial institutions, or all activities of any particular financial institution. Review the IDSeal Terms and Conditions for specific details regarding IDSeal services.

2The Identity Theft Insurance is underwritten and administered by American Bankers Insurance Company of Florida, an Assurant company under group or blanket policy(ies). The description provided in the Summary of Benefits is a summary and intended for informational purposes only and does not include all terms, conditions and exclusions of the policies described. Please refer to the actual policies for terms, conditions, and exclusions of coverage. Coverage may not be available in all jurisdictions. Review the Summary of Benefits.

3Recurring pricing shown excludes applicable sales tax. By enrolling as an IDSeal member under any plan, you authorize IDSeal to charge your payment method (credit/debit card) on a recurring basis for the fees associated with your membership plan. Review the IDSeal Terms and Conditions for important information regarding your membership, including your membership term, and your right to cancel; and review the IDSeal Privacy Policy for information regarding how IDSeal collects and processes your information.

4The credit scores provided are VantageScore 3.0 credit scores based on data from Equifax®, Experian® and TransUnion®. Any one bureau VantageScore mentioned is based on Experian data only. Please see the IDSeal Terms and Conditions for more information on credit scores.

5IDSeal Pro-Tec provides tools and resources to protect your data and identity, but no one can prevent all cybercrime or identity theft. Your own efforts are important to prevent unauthorized access to your personal information.

Terms and Conditions | Privacy Policy | Terms of Use | Accessibility Statement | Upgrade