If you used LastPass, you are in serious danger and recommended steps to protect your data.

Password management service LastPass was hacked in August 2022, and the attacker stole users' encrypted passwords, according to the statement from the company. The app was popular among the crypto community for storing seed phrases.

LastPass first disclosed the breach in August 2022, but at that time, it appeared that the attacker had only obtained source code and technical information, not any customer data. However, the company has investigated and discovered that the attacker used this technical information to attack another employee's device, which was then used to obtain keys to customer data stored in a cloud storage system.

Some users report that the situation may be worse than the company reports. One user said, "On Sunday the 18th, four of my wallets were compromised. The losses are not significant. Their seeds were kept, encrypted, in my lastpass vault, behind a 16 character password using all character types. This password was never reused, and was generated using dice rolls."

What should you do if you have used LastPass:

Do not log in to your LastPass account: changing passwords will not change anything because hackers have the vault copy, which can be restored via old passwords.

Send your crypto to a newly created wallet while saving your seed phrase securely (preferably on paper).

Change your passwords on all crypto websites (including exchanges) and in all emails.

Enable two-factor authentication (2FA) on all websites you use and check that it is not connected to the LastPass.

Change passwords to your Apple Cloud and Google accounts and update 2FA.