Back to Blog

LastPass Breach — What You Should Know

1 MIN READ
Published on December 23, 2022

Share this blog

Written by Craig Lurey

LastPass revealed that hackers stole customer vault data during an August 2022 incident. During the breach, the threat actor was able to copy a backup of customer vault data.

According to Ars Technica, LastPass vault secrets (logins and passwords) are encrypted, however, website URLs and other metadata are not encrypted. As a result, some stolen information could be used as targeted attacks against users. Information obtained from a source code leak and a Twilio data breach provided the attackers with information to break into the cloud infrastructure, which stored customer data.

In contrast, Keeper adheres to the following:

1. Keeper encrypts all vault data, including URLs and metadata, locally on the user’s device. Keeper’s cloud does not receive, store or process any plaintext vault information.

2. Keeper does not store secrets such as cloud infrastructure access keys in its source code. We regularly scan source code for secret information.

3. Keeper’s source code, while privately held in Github Enterprise, does not provide information required to access a user’s vault. The encryption of data occurs at the local device level, and much of this source code is published in our public Github repo as part of Keeper’s Commander and Secrets Manager products.

4. Keeper does not use 3rd party providers such as Twilio for 2FA. Keeper’s vendors have not been subject to any data breaches.

5. Keeper does not provide any 3rd parties with management or access to any of our AWS data centers. All management of infrastructure is performed by full-time employees of Keeper Security who are additionally US Citizens located in the US.

Keeper has the most security certifications in the industry. Keeper is SOC2 Certified, FedRamp Authorized, StateRamp Authorized and ISO27001 certified.

Here are a few resources if you have any questions about Keeper vs. LastPass:

Thank you for staying protected with Keeper.

Craig Lurey

Craig Lurey is the CTO and Co-Founder of Keeper Security. Craig leads Keeper’s software development and technology infrastructure team. Craig and Darren have been active business partners in a series of successful ventures for over 20 years. Prior to building Keeper, Craig served at Motorola as a software engineer creating firmware for cellular base station infrastructure and founded Apollo Solutions, an online software platform for the computer reseller industry which was acquired by CNET Networks. Craig holds a bachelor’s degree in Electrical Engineering from Iowa State University.

Get the latest cybersecurity news and updates sent straight to your inbox

Share this blog

EMA Names Keeper Value Leader for Privileged Access Management

Keeper Security’s Privileged Access Management (PAM) solution, KeeperPAM™, has been recognized as a Value Leader in PAM by the IT and data management analyst research and consulting firm, Enterprise Management Associates (EMA) on their EMA Radar...

LastPass Breach — What You Should Know

Craig Lurey

Get the latest cybersecurity news and updates sent straight to your inbox

You May Also Like

EMA Names Keeper Value Leader for Privileged Access Management