F

LastPass Password Manager

Claimed 'zero-knowledge' encryption. Hackers stole 25.6 million vaults. URLs, email addresses, and company names were stored unencrypted. $438 million stolen from cracked vaults.
Fail
GoTo · 🇺🇸 United States
Technical details
App: com.lastpass.lpandroid
Manufacturer: LogMeIn / GoTo (now LastPass)

⚠️ The bottom line

LastPass told 33 million users it had a "zero-knowledge" architecture, meaning the company could never see your data. The 2022 breach showed how narrow that guarantee was: website URLs, email addresses, company names and form field names were stored unencrypted, so attackers did not need to crack a single vault to learn which banks you used, which crypto exchanges you held funds on, and where you worked. "Zero knowledge" covered the password fields, not the metadata around them. Accounts created before 2018 were still using 5,000 PBKDF2-SHA256 iterations; LastPass's own later default was 100,100, and OWASP's current recommendation for PBKDF2-SHA256 is 600,000. At 5,000 iterations a single $800 graphics card can try about 1.5 million master-password guesses per second against a stolen vault. Researcher Taylor Monahan tracked more than 150 drained cryptocurrency wallets, all belonging to former LastPass users; the FBI linked $150 million in crypto theft directly to cracked LastPass vaults, and TRM Labs put the total at $438 million. The class action settled for $24.45 million, about 5.6 cents for every dollar stolen.

Legal jurisdiction
🇺🇸 United States (headquarters)
CLOUD Act: the US government can demand your data from this company even if it is stored overseas.
FISA §702 / PRISM: the NSA collects stored emails, photos and messages without individual warrants.
Geofence warrants: police can demand location data for everyone near a crime scene.
Spying: 3/4 HIGH (Is someone spying on me?)
Data Sharing: 3/4 HIGH (Who gets my data?)
Security: 4/4 EXTREME (Is it actually secure?)
Honesty: 4/4 EXTREME (Can I trust what they say?)
Verdict: REPLACE. Extreme risk. Look for alternatives or lock down hard.
Use KeePassXC or Bitwarden instead: zero cloud and zero telemetry (KeePassXC), or open source (Bitwarden).
18 contradictions: 9 critical, 8 high, 1 medium. 14 sources.
Findings by concern
Spying: 3/4 HIGH (2 findings)
⚡ high · policy claims vs regulatory findings
LastPass held SOC 2 Type II certification, and it is still advertised on the website. A SOC 2 Type II report attests that the controls a company chose for itself operated as described over the audit window; it does not test whether those controls are sufficient, and an employee's personal home computer sits outside the scoped environment. An attacker walked in through exactly that gap: one engineer's home PC, access kept for roughly three months undetected, and a copy of every customer vault backup the company held. The audit did not catch the risk because it was never designed to look there.

What they claim: LastPass cites SOC 2 Type II compliance as evidence that its security controls work.

What we found: Despite the SOC 2 attestation, a single employee's compromised personal device led to a complete infrastructure breach. No public third-party audit of the encryption design has ever been published. The post-breach engagement with Mandiant was incident response, not a proactive security audit.

⚡ high · marketing claims vs app permissions
A password manager should be the most paranoid app on your phone. In 2021 the LastPass Android app carried seven trackers: Google Analytics, Firebase Crashlytics, Firebase Analytics, Google Tag Manager, AppsFlyer, Mixpanel and Segment, the last of which exists to let marketing teams stitch a user's activity together across platforms. The vault contents stay encrypted, but the app holding every password you own was reporting your usage patterns to Google and to marketing analytics firms. By comparison, 1Password and KeePass ship zero trackers and Bitwarden ships two crash reporters. A vault with seven peepholes is not a vault.

What they claim: LastPass markets itself as a secure password manager that "simplifies everything online" while keeping credentials safe and private.

What we found: German security researcher Mike Kuketz found seven embedded trackers in the LastPass Android app in 2021: Google Analytics, Firebase Crashlytics, Firebase Analytics, Google Tag Manager, AppsFlyer, Mixpanel and Segment. Segment is a customer-data platform built to collect events for marketing teams and link a user's activity across products for targeting. Embedding seven trackers, including a marketing profiling tool, in the one application designed to protect secrets is an architectural contradiction. By comparison, 1Password contains zero trackers, KeePass contains zero, and Bitwarden contains two (Firebase and Microsoft crash reporting only).

Security: 4/4 EXTREME (16 findings)
⚠️ critical · policy claims vs firmware analysis
LastPass told 33 million users it had a "zero-knowledge" architecture, meaning the company could never see your data. The 2022 breach showed what that promise did and did not cover. Website URLs, email addresses, company names and form field names were stored unencrypted, so attackers did not need to crack a vault to learn which banks you used, which crypto exchanges you held funds on, and where you worked. "Zero knowledge" meant "we know quite a lot, actually."

What they claim: LastPass claims a 'zero-knowledge' architecture: 'LastPass never has access to your master password'.

What we found: The 2022 breach revealed unencrypted vault metadata, including website URLs and form field names, stored alongside the encrypted password fields, and the customer-account data taken in the same breach included email addresses, company names and end-user names in plaintext. Zero knowledge in the strict sense means the provider can see none of the user's data; LastPass encrypted the secrets but left the metadata that says what each secret is for in the clear.

⚠️ critical · firmware analysis vs regulatory findings
Accounts created before 2018 were still protected by 5,000 PBKDF2 iterations. LastPass's own later default was 100,100, and OWASP's current recommendation for PBKDF2-SHA256 is 600,000. At 5,000 iterations a single $800 graphics card can try about 1.5 million master-password guesses per second against a stolen vault. Researcher Taylor Monahan tracked more than 150 drained cryptocurrency wallets, all former LastPass users. The FBI linked $150 million in crypto theft directly to cracked LastPass vaults; TRM Labs put the total at $438 million. The class action settled for $24.45 million, about 5.6 cents on the dollar.

What they claim: LastPass's own disclosures put legacy accounts (created before 2018) at 5,000 PBKDF2-SHA256 iterations.

What we found: The FBI linked more than $150 million in cryptocurrency theft directly to cracked LastPass vaults. A single RTX 4090 can attempt roughly 1.5 million guesses per second against a 5,000-iteration vault; because PBKDF2 cost is linear in the iteration count, the same card manages only about 12,500 guesses per second at 600,000. TRM Labs puts the total stolen from LastPass users at $438 million. The class action settled for $24.45 million.

⚠️ critical · policy claims vs regulatory findings
A LastPass engineer ran Plex Media Server on a home computer and never updated it. The attackers used a vulnerability disclosed in 2020 (CVE-2020-5741) to install a keylogger, captured the engineer's master password, and used it to reach LastPass's AWS backup infrastructure. Only four people had that access. One home media server, unpatched for two years, cost 25.6 million users their password vaults.

What they claim: LastPass's privacy policy states that it implements 'appropriate technical and organizational security measures'.

What we found: A senior DevOps engineer's personal Plex Media Server, vulnerable to CVE-2020-5741, was exploited to install a keylogger that captured the master password protecting access to LastPass's backup infrastructure. Only four employees had this access. The attacker maintained access from August to October 2022 undetected.

⚠️ critical · policy claims vs firmware analysis
LastPass encrypted your passwords but stored the website URLs in plaintext. Attackers holding the stolen vaults could see that you had accounts at Coinbase, Kraken and Binance without cracking a single password. Combined with your unencrypted email address and employer name, they knew exactly whom to target and which vaults were worth the GPU time. The encryption protected the password; it did not protect the knowledge of what the password was for.

What they claim: LastPass claims data is 'encrypted at rest and in transit'.

What we found: Vault URLs were stored unencrypted, revealing which services each user held accounts with. Combined with unencrypted email addresses and company names, attackers could identify high-value targets (crypto holders) and prioritise which vaults to crack without ever breaking the vault encryption.
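What a thief learns from the plaintext fields alone, as an added example (not code from LastPass or from this report): the script below models an account the way the stolen data exposed it, with an email address and company name in the clear, a plaintext URL per vault entry, an opaque ciphertext blob for the credentials, and the per-account PBKDF2 iteration count, which is necessarily stored unencrypted because the client needs it to derive the key. It then ranks accounts by how many high-value services their URLs reveal and how cheap the vault is to crack. The watchlist, the sample accounts and the `registrable_domain` helper are constructed for illustration; run over your own export, the same function is a quick way to see what your vault's metadata says about you.

```python
from collections import Counter
from dataclasses import dataclass, field
from urllib.parse import urlsplit

# Constructed watchlist for this example. Real attackers keep far longer lists; the point is that
# matching a plaintext URL against it costs nothing, while cracking a vault costs GPU-hours.
HIGH_VALUE_DOMAINS = {
    "coinbase.com": "crypto exchange",
    "kraken.com": "crypto exchange",
    "binance.com": "crypto exchange",
    "chase.com": "bank",
    "fidelity.com": "brokerage",
}


@dataclass
class VaultEntry:
    url: str         # stored in plaintext in the stolen backups (per LastPass's own disclosure)
    ciphertext: str  # the AES-256 encrypted username/password; opaque without the vault key


@dataclass
class Account:
    email: str       # plaintext, from the customer-account database taken in the same breach
    company: str     # plaintext, same source
    iterations: int  # PBKDF2 count; stored in the clear because the client needs it to derive the key
    entries: list[VaultEntry] = field(default_factory=list)


def registrable_domain(url: str) -> str:
    """Reduce a URL to its last two host labels (illustrative; a real tool would use the public suffix list)."""
    host = (urlsplit(url).hostname or "").lower()
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def triage(account: Account) -> dict:
    """Everything read here comes from unencrypted fields; no key material is needed."""
    hits = Counter()
    for entry in account.entries:
        category = HIGH_VALUE_DOMAINS.get(registrable_domain(entry.url))
        if category:
            hits[category] += 1
    return {
        "email": account.email,
        "company": account.company,
        "iterations": account.iterations,
        "high_value": dict(hits),
        "score": sum(hits.values()),
    }


def rank_accounts(accounts: list[Account]) -> list[dict]:
    """Most exposed first: the most high-value services, then the cheapest vault to crack."""
    return sorted((triage(a) for a in accounts), key=lambda r: (-r["score"], r["iterations"]))


# Constructed sample accounts; "<encrypted>" stands in for the real ciphertext blobs.
SAMPLE_ACCOUNTS = [
    Account("alice@example.com", "Example Trading LLC", 5_000, [
        VaultEntry("https://www.coinbase.com/signin", "<encrypted>"),
        VaultEntry("https://www.kraken.com/login", "<encrypted>"),
        VaultEntry("https://accounts.binance.com/en/login", "<encrypted>"),
        VaultEntry("https://www.reddit.com/login", "<encrypted>"),
    ]),
    Account("bob@example.com", "Example Hospital", 100_100, [
        VaultEntry("https://secure.chase.com/web/auth/", "<encrypted>"),
        VaultEntry("https://www.netflix.com/login", "<encrypted>"),
    ]),
    Account("carol@example.com", "Example University", 600_000, [
        VaultEntry("https://www.reddit.com/login", "<encrypted>"),
    ]),
    Account("dave@example.com", "Example Trading LLC", 5_000, [
        VaultEntry("https://login.fidelity.com/ftgw/Fas/Fidelity/RtlCust/Login/Init", "<encrypted>"),
    ]),
]

if __name__ == "__main__":
    for row in rank_accounts(SAMPLE_ACCOUNTS):
        print(f"{row['email']:<20} {row['company']:<22} iters={row['iterations']:<7} "
              f"score={row['score']} {row['high_value']}")
```

Alice's vault goes to the top of the list with three exchange logins and a 5,000-iteration count before a single guess has been made; the ranking is the page's argument in code form, since none of it touches the encrypted fields.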

⚠️ critical · firmware analysis vs regulatory findings
After the breach, LastPass raised the default from 5,000 iterations to 600,000. That only protects vaults going forward. The 25.6 million vaults already stolen are still protected by the old, weak setting, permanently: the criminals hold a copy that will never get stronger, while hardware gets faster and cracking gets cheaper every year. Raising your own iteration count or changing your master password after the fact does nothing for the copy that was taken; the only fix for a stolen vault is to rotate every credential inside it. LastPass fixed the door after the house was emptied.

What they claim: LastPass increased the default PBKDF2 iteration count to 600,000 in 2023, after the breach.

What we found: A higher iteration count only takes effect when a vault is re-encrypted on the live service; it cannot be applied to backups that were already exfiltrated. The 25.6 million users whose vaults were stolen remain permanently exposed at their old iteration count. The fix protects future vaults, not the ones already in criminal hands, and the only remediation for those is rotating the secrets they contain.

⚠️ critical · marketing claims vs third party research
LastPass promised your passwords were safe behind 256-bit encryption. In November 2022, attackers stole roughly 25 million people's encrypted password vaults and then started cracking them. TRM Labs has traced more than $438 million in stolen cryptocurrency directly to cracked LastPass vaults. Ripple co-founder Chris Larsen lost $150 million in a single theft. Every month from December 2022 to September 2023, two to five people lost six-figure crypto holdings. Taylor Monahan of MetaMask investigated dozens of victims; the common thread was that they had all stored their crypto seed phrases in LastPass. Older accounts were the easiest to crack, some protected by as little as one PBKDF2 iteration. The stolen vaults are still being cracked: three years later, people are still losing everything. $438 million and counting.

What they claim: LastPass marketed itself as the secure way to store passwords, with "256-bit AES encryption with PBKDF2-SHA256 and salted hashes" protecting user vaults, claiming "even LastPass cannot access your master password."

What we found: In November 2022, attackers stole encrypted backup copies of approximately 25 million customer password vaults. TRM Labs traced over $438 million in cryptocurrency theft directly to cracked LastPass vaults through December 2025. Victims had stored cryptocurrency seed phrases in LastPass "Secure Notes." Attackers cracked weak master passwords offline on GPU hardware. Older vaults were especially vulnerable: LastPass had raised the default iteration count over time but never migrated existing accounts, so some older accounts still used as little as one round of PBKDF2, far below any security standard. Two to five high-value cryptocurrency heists occurred every month from December 2022 through September 2023. Taylor Monahan of MetaMask confirmed: "The common thread among nearly every victim was that they'd previously used LastPass to store their seed phrase." Stolen funds were traced through mixers to high-risk Russian exchanges. The thefts continued through late 2025, three years after the breach.
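The three iteration-count findings above (5,000 versus 600,000, stolen copies that never get stronger, and legacy accounts at a single round) all come down to one number: the PBKDF2 iteration count sets how much work every master-password guess costs, for the legitimate client and for the attacker alike. The script below is an added illustration, not code from LastPass or from this report. It derives a vault key with PBKDF2-HMAC-SHA256 as the page describes, scales the 1.5 million guesses/second figure quoted above across iteration counts (cost is linear in the count, so throughput is inverse), and turns that into expected cracking time for master passwords of several strengths, including the one-iteration legacy accounts. The password-entropy figures used for the table and the CPU timing helper are assumptions for illustration.

```python
import hashlib
import os
import time

# Figures quoted on this page: legacy LastPass accounts at 5,000 PBKDF2-SHA256 iterations, a
# post-breach default of 600,000, and roughly 1.5 million guesses/second on one RTX 4090 against
# a 5,000-iteration vault. Everything else in this file is an assumption for illustration.
REFERENCE_RATE = 1.5e6        # guesses per second, one GPU, at REFERENCE_ITERATIONS
REFERENCE_ITERATIONS = 5_000


def derive_vault_key(master_password: str, salt: bytes, iterations: int) -> bytes:
    """PBKDF2-HMAC-SHA256 with a 32-byte (AES-256) output, the key derivation LastPass describes."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, dklen=32)


def guesses_per_second(iterations: int) -> float:
    """PBKDF2 work is linear in the iteration count, so attacker throughput scales inversely with it."""
    return REFERENCE_RATE * REFERENCE_ITERATIONS / iterations


def expected_crack_seconds(password_bits: float, iterations: int) -> float:
    """Expected time to recover a master password of the given entropy: half the keyspace on average."""
    return (2.0 ** password_bits) / 2 / guesses_per_second(iterations)


def time_derivation(iterations: int, repeats: int = 3) -> float:
    """Wall-clock seconds for one derivation on this CPU: the cost the legitimate user pays per unlock."""
    salt = os.urandom(16)  # throwaway salt; only the timing matters here
    best = float("inf")
    for _ in range(repeats):
        t0 = time.perf_counter()
        derive_vault_key("correct horse battery staple", salt, iterations)
        best = min(best, time.perf_counter() - t0)
    return best


if __name__ == "__main__":
    # Entropy assumptions for the table: ~30 bits for a typical human-chosen password, ~40 bits for
    # a good one, ~77 bits for a six-word Diceware passphrase (6 * log2(7776)).
    for bits in (30, 40, 77):
        for iters in (1, 5_000, 100_100, 600_000):
            days = expected_crack_seconds(bits, iters) / 86_400
            print(f"{bits:>3}-bit master password, {iters:>7} iterations: ~{days:,.2f} GPU-days")
    for iters in (5_000, 600_000):
        ms = time_derivation(iters) * 1000
        print(f"one unlock at {iters:>7} iterations costs {ms:.1f} ms on this CPU")
```

The output makes the asymmetry concrete: a 40-bit master password behind 5,000 iterations falls to one GPU in about four days, behind one iteration in about a minute, and behind 600,000 iterations in well over a year, while the extra cost to the user is a fraction of a second per unlock. A long passphrase is the only setting that stays out of reach at every iteration count, which is why the stolen low-iteration vaults fall in order of master-password strength.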

⚠️ critical · policy claims vs third party research
Twenty-five million people trusted LastPass with their passwords. LastPass trusted four employees with the keys to all of them. One of those four ran Plex Media Server on his home computer with a two-year-old unpatched vulnerability. Attackers exploited it, installed a keylogger, and waited. When the engineer logged in with his master password, after passing multi-factor authentication, the keylogger captured it. One unpatched home media server. One keylogger. Twenty-five million password vaults. LastPass gave four people the keys to everything and never checked whether their home computers were secure. The most devastating password-manager breach in history started with an engineer who didn't update his Plex.

What they claim: LastPass states it uses "industry-standard security practices" and employs defense-in-depth strategies to protect its infrastructure and customer data.

What we found: The catastrophic second stage of the LastPass breach exploited a known vulnerability (CVE-2020-5741) in Plex Media Server running on a senior DevOps engineer's personal home computer. The flaw had been publicly disclosed for over two years and a patch was available, but the home installation had never been updated. The attackers installed a keylogger, waited for the engineer to authenticate with MFA, then captured the master password as it was typed; MFA stops a stolen password from being replayed, not a keylogger on the endpoint where the password is entered. This engineer was one of only four people at LastPass with access to the vault backups and their decryption keys. Because the attacker then used legitimate credentials, the activity looked like routine administrative work and was not flagged until AWS GuardDuty raised alerts on anomalous IAM activity. A password manager protecting 25 million people's secrets was compromised because one employee didn't update his home media server, and the company that entrusted vault decryption keys to four people never secured, or even audited, their home computing environments.

⚠️ critical · policy claims vs regulatory findings
On September 15, 2022, LastPass told its customers: no customer data was accessed. No password vaults were stolen. The investigation was complete. Users relaxed. Two months later, LastPass admitted hackers had stolen encrypted copies of 25 million password vaults. The September statement wasn't just wrong -- it gave users false confidence during the exact window when changing their master password could have saved them. People who trusted LastPass's reassurance kept their existing passwords. Their vaults were already being copied. The full truth didn't come out until February 2023 -- six months after the first breach. The CEO took "full responsibility." But the people who lost $438 million in cryptocurrency can't deposit an apology. LastPass lied about the scope, and the lie cost people everything.

What they claim: On September 15, 2022, LastPass told customers that an investigation into the August breach determined "the attacker did not access any customer data or encrypted password vaults."

What we found: This statement was materially wrong. The August breach gave attackers the knowledge and access needed to execute a second, far more devastating attack between August and October 2022. Using information stolen in the first breach, attackers identified and compromised one of four DevOps engineers with vault decryption access. By November, attackers had copied encrypted backups of approximately 25 million customer vaults. LastPass didn't disclose the full scope until December 2022, and even then released details incrementally over months -- the DevOps engineer attack vector wasn't revealed until February 2023. CEO Karim Toubba took "full responsibility" on March 1, 2023 -- six months after the initial breach. Users who trusted the September assurance that no customer data was accessed had no reason to change their master passwords or migrate away. By the time the truth emerged, their vaults were already in attackers' hands. The UK ICO found over 1 million UK data subjects were affected and fined LastPass in November 2025.

⚠️ critical · marketing claims vs third party research
$250 million in cryptocurrency stolen from cracked LastPass vaults, by one research team's count (TRM Labs later put the figure at $438 million). The breach started because an engineer's personal media server was hacked. Staff were encouraged to use the same master password for personal and work accounts. The password manager that was supposed to protect your money became the map to your crypto wallets. A quarter of a billion dollars, drained.

What they claim: LastPass promotes itself as a secure password manager protecting your digital life.

What we found: The ICO fined LastPass £1.23 million for the 2022 breach, which stemmed from the exploitation of a senior engineer's personal Plex server. Staff had been encouraged to link personal and business accounts under the same master password, so one captured password opened both. About 1.6 million UK users were affected. Researchers tracked over $250 million in cryptocurrency stolen from cracked LastPass vaults: thieves systematically cracked the encrypted vaults and drained the wallets whose seed phrases were stored inside.

⚡ high · policy claims vs firmware analysis
The UK Information Commissioner fined LastPass £1,228,283 for UK GDPR violations affecting over 1 million British users. The breach went deeper than passwords: the attackers also took the MFA database, including LastPass Authenticator seeds and the phone numbers used for the MFA backup option. The one thing security experts tell you to enable after a breach? The hackers already had the seeds for it.

What they claim: LastPass marketed itself as the most trusted password manager, with '33 million users'.

What we found: The UK ICO fined LastPass GBP 1,228,283 for UK GDPR violations; the breach affected over 1 million UK data subjects. LastPass's own MFA database was also compromised, including the authenticator seeds and phone numbers used for two-factor authentication on LastPass accounts themselves. Anyone still relying on a LastPass Authenticator enrolment from before the breach should treat that factor as compromised and re-enrol.

⚡ high · firmware analysis vs regulatory findings
LastPass stored vault backups on AWS with "industry-standard encryption." The decryption keys were held by only 4 employees. Compromising one employee's personal computer gave the attacker everything: vault backups, API secrets, third-party integration secrets, and the keys to decrypt it all. Four people between 25.6 million users and disaster — and the weakest link was a home PC running outdated media software.

What they claim: LastPass stores vault data on AWS with 'industry-standard encryption'

What we found: The breach chain exploited the fact that backup decryption keys were accessible to only 4 employees — but one employee's personal computer was sufficient to access everything. The stolen data included API secrets, third-party integration secrets, and customer vault backups.

⚡ high · policy claims vs firmware analysis
Security researcher Mike Kuketz found LastPass's Android app contained 7 embedded trackers — Google Analytics, AppsFlyer, Segment, and others — sending data before you even logged in. A password manager, the one app that should be the most paranoid about where your data goes, was phoning home to advertising analytics platforms. Your vault contents were encrypted. Your usage patterns were not.

What they claim: LastPass privacy policy allows data sharing with 'service providers' for 'business purposes'

What we found: LastPass apps contain multiple third-party trackers including Google Analytics, AppsFlyer, and Segment. A password manager sending usage telemetry to advertising-adjacent analytics platforms contradicts the security-first positioning.

⚡ high · marketing claims vs third party research
2011: LastPass detected suspicious activity. Said they fixed it. 2015: Email addresses leaked. Said they improved security. 2017: Google's Tavis Ormandy found critical browser extension bugs. Patched. 2019: Ormandy found another credential leak vulnerability. Patched again. 2021: Master passwords compromised in credential stuffing. Users warned. 2022: Everything stolen. Twenty-five million vaults. $438 million in cryptocurrency drained over three years. Six security incidents in 11 years. Each time LastPass said they'd learned. Each time the next breach was worse. At some point, the pattern isn't bad luck. It's the product. A password manager that gets breached every two years isn't a security tool. It's a liability.

What they claim: LastPass positions itself as a trusted security solution, stating it uses "proven technology" to protect user credentials with enterprise-grade encryption.

What we found: LastPass has experienced significant security incidents in 2011, 2015, 2017, 2019, 2021, and 2022 -- six incidents across 11 years. In 2011, unusual network activity triggered a mass password reset. In 2015, email addresses and password reminders were leaked. In 2017, Google Project Zero's Tavis Ormandy found critical vulnerabilities in the browser extension. In 2019, Ormandy found another vulnerability that could leak credentials from the last site visited. In 2021, users were warned their master passwords may have been compromised in credential stuffing attacks. In 2022, the catastrophic two-stage breach exposed 25 million vaults. After the 2015 breach, users were told security was improved. After 2017, the extension was patched. After 2019, another patch. After 2021, another warning. After 2022, $438 million in cryptocurrency was stolen. Each time, LastPass said it had learned. Each time, the next breach was worse.

⚡ high · marketing claims vs third party research
Francisco Partners bought LastPass's parent company for $4.3 billion. Then spun off LastPass as its own company. Then LastPass suffered the worst password manager breach in history. Private equity firms optimize for returns, not security. Only four employees had vault decryption access. None of their home computers were audited for security. The engineer whose unpatched home Plex server compromised everything was one of four people holding the keys to 25 million vaults. The $24.5 million settlement is 0.6% of the acquisition price. The UK ICO fine was a fraction of that. When the cost of a breach is a rounding error on the leveraged buyout, security isn't a priority. It's an expense to minimize. Francisco Partners now also owns The Weather Channel's data. Same playbook. Different data.

What they claim: LastPass markets enterprise-grade security with SOC 2 Type II compliance and positions itself as a trusted custodian of organizational credentials.

What we found: LogMeIn, LastPass's parent company, was taken private by Francisco Partners and Evergreen Coast Capital for $4.3 billion in 2020. LastPass was spun off as an independent company in 2022 -- the same year as the catastrophic breach. Private equity ownership is associated with cost-cutting to maximize returns. The breach exploited a lean security architecture: only four employees had vault decryption access, and their home computing environments were not secured or audited. The DevOps engineer's unpatched Plex server on a personal computer -- used to access production vault decryption keys -- suggests insufficient security controls around the most critical access points. Francisco Partners is also the private equity firm that acquired The Weather Channel's digital assets from IBM in 2024. The $24.5 million class action settlement and UK ICO fine represent costs that pale against the private equity acquisition price -- the fine was a rounding error on the leveraged buyout.

⚡ high · policy claims vs regulatory findings
LastPass's CEO took "full responsibility." Here's what that meant in dollars: $24.5 million in settlement for over $438 million in documented cryptocurrency theft. That's 5.6 cents for every dollar stolen. Chris Larsen lost $150 million. Individual victims could claim up to $50,000 -- even if they lost ten times that. The UK fined LastPass separately for inadequate security measures. "Full responsibility" is a press release. The settlement is a fraction of the damage. And the victims? They got a settlement check and the same promise LastPass makes after every breach: we've learned. Six breaches in eleven years. $438 million stolen. $24.5 million paid. The math of "full responsibility."

What they claim: LastPass CEO Karim Toubba took "full responsibility" for the breach in March 2023 and stated the company was committed to making things right for affected customers.

What we found: The class action settlement reached in December 2025 totaled $24.5 million -- against estimated cryptocurrency losses exceeding $438 million. Of the settlement, $16.25 million was allocated for cryptocurrency losses and $8.2 million for general data protection claims. Individual cryptocurrency theft victims could claim up to $50,000 in documented losses -- a fraction of the six-figure thefts many experienced. Chris Larsen, Ripple's co-founder, lost $150 million in a single theft linked to the breach. The UK ICO separately fined LastPass UK Ltd in November 2025 for failing to implement appropriate technical and organisational measures, affecting over 1 million UK data subjects. "Full responsibility" translated to approximately 5.6 cents for every dollar stolen. The people who lost their life savings to cracked LastPass vaults received a settlement check and a promise that LastPass had learned its lesson -- the same promise the company made after every previous breach.

⚫ medium · policy claims vs regulatory findings
LastPass offered a free tier because "password security should be accessible to everyone." After the breach, they gutted the free tier to push users toward paid plans. Free-tier users whose vaults were stolen received no specific notification about their risk level, no personalised guidance, and no priority support. They got the same breach, worse communication, and a sales pitch to upgrade.

What they claim: LastPass offers a 'free tier' suggesting password security should be accessible to all

What we found: Following the breach, LastPass restricted free tier features significantly, pushing users toward paid plans. Users whose vaults were stolen on the free tier received no direct notification of their specific risk level or recommended actions.

What happened to real people
Documented incidents involving GoTo products and user data.
$438M+ in cryptocurrency stolen directly from cracked LastPass vaults. FBI linked the $150M Ripple co-founder heist to the LastPass breach. Vaults with 5,000 PBKDF2 iterations crackable for $15.
UK ICO fined LastPass GBP 1,228,283. $24.45M US class action settlement ($16.25M for crypto losses). Canadian class action: $3M USD.