a cell phone with the lastpass logo on it

LastPass Security Breach: What Subscribers Need to Know and Do

LastPass, one of the world’s most popular password managers, has once again found itself the subject of intense scrutiny after its latest security breach. Just before Christmas, LastPass CEO Karim Toubba revealed in a blog post that a security incident first disclosed in August has led to an unauthorized party stealing customer account information and vault data. This is the latest in a lengthy string of security incidents involving LastPass that date back to 2011. It’s also the most alarming.

An unauthorized party now has access to user account information like LastPass usernames, company names, billing addresses, email addresses, phone numbers and IP addresses, according to Toubba. That same unauthorized party also has a copy of customer vault data, which includes unencrypted data like website URLs and encrypted data like the usernames and passwords for all the sites customers have saved in their vaults. If you’re a LastPass subscriber, all of this should have you looking for a different password manager.

Read More: CNET