Using one password to secure all your other passwords might not be the brightest idea from a cybersecurity perspective, but it is convenient, and that’s exactly what password managers like LastPass do. However, that makes such services targets of regular and vicious cyberattacks — a reality LastPass is all too familiar with. Continuing the recent streak of detected attacks, LastPass is now alerting users of the latest system breach to access user data.

LastPass was the target of a cyberattack in 2021, and then another one in August this year, when the company’s source code was stolen. CEO Karim Toubba explains that hackers used information obtained from the August attack to access “certain elements of customers’ information,” although we don't get any specifics about exactly what that entails.

The crooks were able to access the cloud storage service LastPass shares with its affiliate, GoTo. The company has roped in law enforcement agencies and security firm Mandiant for the ongoing investigation into the incident. Meanwhile, Toubba attempts to assure users that LastPass remains fully functional, and the hackers can't actually access any customers’ stored passwords because of the company’s zero knowledge architecture — LastPass itself doesn’t store your master password and the credentials in your locked vault.

LastPass-Zero-Knowleged-Infographic
Source: LastPass

This is the second significant security breach LastPass has admitted to detecting in recent memory, and we give the company credit for being upfront about it. However, none of this does the brand’s reputation any favors, and customer concerns are understandable. So, if you must use this password manager (or any other one, for that matter) but want to distance yourself from such breaches, we recommend changing your passwords at regular intervals. Additionally, don’t reuse passwords across multiple websites. LastPass has a guide of suggested best practices you could check out.

If this was the final straw for you, or you’re just sufficiently rattled, check out some of our favorite password managers you could use instead —these other services haven't given us nearly as many security scares.