LastPass had its source code stolen by hackers – this is why your passwords are still safe

The LastPass logo in a stylized web browser under a magnifying glass.
(Image credit: II.studio/Shutterstock)

Storing your passwords using one of the best password managers can make them more difficult to steal, but what happens when hackers go after a password management company instead? 

As reported by BleepingComputer, LastPass has disclosed that it was targeted by a cyberattack two weeks ago after rumors of the attack began circulating online. The news outlet found out about the breach after speaking with insiders last week who said the company was “scrambling to contain the attack”.

If you’re a LastPass customer, you may be wondering if your passwords and other sensitive data are still safe. Fortunately, customer passwords weren’t exposed as the hackers responsible only managed to steal the company’s source code along with proprietary technical information.

LastPass confirms it was hacked

In a new security advisory released on Thursday, LastPass CEO Karim Toubba explained that the company “detected some unusual activity within portions of the LastPass development environment” two weeks ago.

The company immediately began an investigation and so far, no evidence has been found that any customer data or encrypted password vaults were accessed by the attacker behind the breach.

The attacker was able to gain access to LastPass’ development environment by using a single compromised developer account. Once inside the company’s systems, they “took portions of source code and some proprietary LastPass technical information”, according to Toubba.

Although all of LastPass’ products and services are operating normally, the company has deployed containment and mitigation measures. It’s also working with a cybersecurity and forensics firm to conduct an expanded investigation into the incident.

Why your passwords are still safe

A woman programmer is typing a code on computer to protect a cyber security

(Image credit: VideoFlow / Shutterstock)

In addition to being one of the best password managers, LastPass is also one of the largest and the company says its services are used by more than 33 million people and 100,000 businesses worldwide.

Although your passwords are certainly safer when stored inside a password manager, there is always the chance that if a company like LastPass or 1Password is hacked, cybercriminals could gain access to your stored passwords.

The reason your passwords are still safe after this breach is due to the fact that LastPass stores all customer passwords inside encrypted vaults that can only be decrypted by using your master password. In an FAQ at the bottom of its security advisory, LastPass explains that no master passwords were compromised as a result of the incident. 

At the same time, the company doesn’t store nor does it have knowledge about your master password. This is because LastPass uses Zero Knowledge architecture which ensures it can never know or gain access to its customers’ master passwords. Likewise, none of the data stored inside customers’ encrypted vaults was compromised during the breach.

Normally, after a data breach, companies recommend that users change their passwords but in this case, LastPass says that users don’t need to take any action at this time. The company also plans to keep users updated on the findings of its investigation once they become available. 

TOPICS
Anthony Spadafora
Managing Editor Security and Home Office

Anthony Spadafora is the managing editor for security and home office furniture at Tom’s Guide where he covers everything from data breaches to password managers and the best way to cover your whole home or business with Wi-Fi. He also reviews standing desks, office chairs and other home office accessories with a penchant for building desk setups. Before joining the team, Anthony wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Read more
An open lock depicting a data breach
12 million hit in Zacks Investment data breach — how to protect yourself now
Holographic login above laptop keyboard
Yes, you can use your browser's password manager – here’s how to do it safely
Best password managers
The best password managers in 2025
Surfshark graphic of 2024 data breaches
Nearly 700 million American records were leaked in 2024
Discord on a phone and a laptop
Reported Discord data leak disputed by third-party service RestoreCard
An open lock depicting a data breach
3.5 million hit in major law firm data breach — full names, SSNs, dates of birth, addresses and more exposed
Latest in Password Managers
The Apple Passwords app open on an iPhone in hand
Apple Passwords password manager review
A phone in hand showing the LastPass logo
Millions stolen from LastPass users in massive attack — what you need to know
Proton Pass
Proton Pass password manager review
A phone and tablet sharing passwords using Google Password Manager
Google just made a huge step in killing off passwords for good
Keeper password manager shown on laptop and smartphone
Hurry! Save 50% on this top-rated password manager
Keeper password manager shown on laptop and smartphone
Hurry! One of our top password managers is 50% off right now
Latest in News
Disney Plus logo
Disney Plus upgrade just fixed one of my biggest problems with the home page
Tom Hiddleston as Robert Laing in "High Rise" now streaming on Netflix
5 best Netflix movies in March you haven't watched yet
iPhone 16 with Apple Intelligence logo for iOS 18.1
iOS 18.4: All the newest Apple Intelligence features coming to your iPhone
Maria Debska in "Just One Look" now streaming on Netflix
3 best Netflix shows in March you haven't watched yet
Split image featuring the Galaxy S25 Edge (left) and Galaxy S25 Ultra (right)
Samsung Galaxy S25 Edge just tipped for two Galaxy S25 Ultra-level features
Wolfenstein: The Old Blood
Amazon is giving away a ton of free games for its Big Spring Sale — here’s how to claim yours