What are you doing to prevent LastPass from being hacked in the future? We continue to earn our users’ trust by looking to our fellow community to challenge our technology, reacting promptly, and communicating transparently. Communication with users will depend on the incident, and those of the highest priority will include emails, blog posts, and social posts. Our team reacts swiftly to reports of bugs or vulnerabilities and communicates openly with our community. LastPass values transparency in its incident response procedures. How will I know if LastPass has been hacked?
LastPass is market-tested by over 43,000 companies, including Fortune 500 and leading tech enterprises.
We utilize industry best practices to protect our infrastructure, including regularly upgrading our systems, as well as utilizing redundant data centers to reduce the risk of downtime or a single point of failure. Sensitive data stored in LastPass is encrypted at the device level with AES-256 encryption before syncing with TLS to protect from on-path attackers. LastPass operates on a zero-knowledge security model. While a security incident is not ideal for any company, the incident was quickly remediated, our product was strengthened because of it, and we are proud to have a strong track record of transparency with our community. We also installed HSMs at our data centers to further lock down SAML keys and user password hints.
When the incident was discovered, we immediately took steps to detect the network breach, adding the requirement of two-step verification for all users within 1 hour of detecting the breach. Even under this most extreme test, our systems performed as designed and protected the encrypted vault data of our users, furthering our conviction and commitment to our 'zero knowledge' security model, in which LastPass never has your master password or access to the data within your vault. Bottom line, no encrypted vault data was compromised. LastPass experienced a single security incident in our 10-year history, back in 2015.
As a software company, bugs and issues arise naturally, and while they’re uncomfortable and concerning, they’re part of the natural process that makes LastPass as secure as it is. We strive to ensure our customers’ most sensitive information is kept private and safe, at all costs. Explore our security timeline and how LastPass keeps you safe in the event of a hack. As a password manager, security is our top priority.