
LastPass Undergoing Comprehensive Security Redesign

"Karim Toubba, the CEO, stated that they tackled more than just the root problems causing the data breach. However, approximately 10% of their password manager's customers are choosing to depart."

In 2022, password manager vendor LastPass suffered two linked breaches that ultimately exposed sensitive customer data, including encrypted vault backups. Since then, the company has been grappling with ongoing security fallout and a loss of customer trust.

The first incident, in August 2022, came through a compromised developer account and exposed parts of the source code and internal technical information, though no vault data or master passwords. The attacker then used what was learned in that intrusion to reach a cloud-based backup of customer vault data. Because each vault is encrypted with a key derived from the user's master password, the stolen backups are only as strong as that password and the key-derivation settings behind it, which is why weak or reused master passwords have been the main concern ever since. Reported losses tied to the stolen vaults have been substantial: more than $12 million in cryptoassets reportedly stolen in a single month, with total estimated losses exceeding $250 million.

In response to these breaches, LastPass engaged external incident responders, including Mandiant, to investigate, and has publicly committed to improving its security. It has released updates and best-practice recommendations for customers, most importantly to rotate master passwords and the credentials stored in affected vaults. Meanwhile, competitors such as 1Password have improved their import tools for LastPass data, reflecting the migration of users unhappy with LastPass's security.

The impact on customer trust and churn has been significant. Many users continue to suffer losses from the lingering effects of the 2022 breaches and have moved to alternative password managers. Security analysts have criticized LastPass for not taking enough ownership of preventing further losses, despite changes to its security team.

LastPass has taken several steps to close the weaknesses the attackers exploited and to prevent a repeat. It has deployed FIDO2 hardware security keys (phishing-resistant multifactor authentication), moved to an endpoint detection and response (EDR) system, and improved the logging and alerting feeding its security orchestration, automation and response (SOAR) platform. The company has also hardened rotation of keys and secrets for its Okta and Microsoft Azure AD tenants, added a cloud security posture management (CSPM) layer across all of its cloud infrastructure, and is moving to a new source code management system.

LastPass CEO Karim Toubba believes these changes will deliver a more modern and secure customer experience. He expects customer churn to improve and return to pre-incident levels in early 2024, and has described the program as a systemic change that is critical both for customers' security and for the company's future.

On the software supply chain side, LastPass has introduced software bill of materials (SBOM) generation for its code and raised its conformance level under Supply-chain Levels for Software Artifacts (SLSA). It has also invested in a secure access service edge (SASE) deployment, reset the Splunk tokens used by its security information and event management (SIEM) system, and in mid-September deployed a new SIEM integration that stores those access tokens in encrypted form rather than in plaintext. LastPass has improved recovery options for one-time passwords as well. The overall security overhaul is a multiyear, multimillion-dollar effort.

Toubba declined to disclose the current number of businesses using LastPass, though in a June interview he put the figure at about 115,000 business customers. The breaches have damaged LastPass's reputation and market position, but the company hopes its ongoing security improvements will rebuild trust among both enterprise and individual users.

