SF SaaS Flags
Security & Compliance Automation · Risk Score 100 · Severe

LastPass Complaints: What Buyers Are Actually Reporting

Password manager — once a market leader, now defined by its catastrophic 2022 breach

4 documented complaints against LastPass — paraphrased from BBB filings, Trustpilot reviews, Reddit threads, and public forum posts. Newest complaints first.

Our AI scanner searches Reddit, Trustpilot, BBB, and news sources for fresh complaints from the past year, paraphrases what it finds, and adds anything new to this page. Takes up to 90 seconds.

2
Critical
2
High
0
Medium
0
Low

Who reported these complaints

Sourced from public platforms across US, UK, and global markets — each report links to the original source.

Platform Reports Who's reporting
TechCrunch1Various regions
KrebsOnSecurity1Various regions
Wired1Various regions
Security Research (Palant.info)1Various regions
Lawsuits & Legal Action CRITICAL Source: TechCrunch · Dec 22, 2022 Added 4d ago

2022 breach: encrypted password vaults stolen along with decryption metadata

In December 2022, LastPass revealed attackers had stolen encrypted customer password vaults plus metadata — including URLs, usernames, and email addresses that aid in targeted decryption. The breach was executed through a compromised senior engineer's home computer.

Lawsuits & Legal Action CRITICAL Source: KrebsOnSecurity · Sep 9, 2023 Added 4d ago

Cryptocurrency thefts linked to breached LastPass vault data

In 2023 and 2024, blockchain security researchers linked over $35 million in cryptocurrency thefts to attackers who appeared to have successfully decrypted LastPass vault data to access victims' seed phrases.

Misleading Marketing HIGH Source: Wired · Mar 3, 2023 Added 4d ago

Slow, incrementally expanding breach disclosures criticized by security community

LastPass's 2022 breach disclosures came in multiple waves over months — each revealing a worse situation. The security community broadly criticized this approach as minimizing, preventing customers from making informed risk decisions.

Customer Complaints HIGH Source: Security Research (Palant.info) · Dec 28, 2022 Added 4d ago

Older account vaults had sub-standard encryption iteration counts

Post-breach analysis revealed that older LastPass accounts had PBKDF2-SHA256 iteration counts as low as 5,000 — far below the 600,000+ recommended at the time of the breach. Affected users were not proactively notified to update their master passwords.