Security & Compliance Automation · Risk Score 100 · Severe
LastPass Complaints: What Buyers Are Actually Reporting
Password manager — once a market leader, now defined by its catastrophic 2022 breach
4 documented complaints against LastPass — paraphrased from BBB filings, Trustpilot reviews, Reddit threads, and public forum posts. Newest complaints first.
Our AI scanner searches Reddit, Trustpilot, BBB, and news sources for fresh complaints from the past year, paraphrases what it finds, and adds anything new to this page. Takes up to 90 seconds.
Who reported these complaints
Sourced from public platforms across US, UK, and global markets — each report links to the original source.
| Platform |
Reports |
Who's reporting |
| TechCrunch | 1 | Various regions |
| KrebsOnSecurity | 1 | Various regions |
| Wired | 1 | Various regions |
| Security Research (Palant.info) | 1 | Various regions |
Lawsuits & Legal Action
CRITICAL
Source: TechCrunch · Dec 22, 2022
Added 4d ago
2022 breach: encrypted password vaults stolen along with decryption metadata
In December 2022, LastPass revealed attackers had stolen encrypted customer password vaults plus metadata — including URLs, usernames, and email addresses that aid in targeted decryption. The breach was executed through a compromised senior engineer's home computer.
Lawsuits & Legal Action
CRITICAL
Source: KrebsOnSecurity · Sep 9, 2023
Added 4d ago
Cryptocurrency thefts linked to breached LastPass vault data
In 2023 and 2024, blockchain security researchers linked over $35 million in cryptocurrency thefts to attackers who appeared to have successfully decrypted LastPass vault data to access victims' seed phrases.
Misleading Marketing
HIGH
Source: Wired · Mar 3, 2023
Added 4d ago
Slow, incrementally expanding breach disclosures criticized by security community
LastPass's 2022 breach disclosures came in multiple waves over months — each revealing a worse situation. The security community broadly criticized this approach as minimizing, preventing customers from making informed risk decisions.
Older account vaults had sub-standard encryption iteration counts
Post-breach analysis revealed that older LastPass accounts had PBKDF2-SHA256 iteration counts as low as 5,000 — far below the 600,000+ recommended at the time of the breach. Affected users were not proactively notified to update their master passwords.