News and Events 
Keeper Security has been named Cyber Security Solution of the Year at the 2026 National Technology Awards, recognising the company’s continued innovation in enterprise cybersecurity and
3 min read
Published on June 29, 2026
Although customer password vaults were not affected, LastPass confirmed that customer information was exposed when cybercriminals compromised a third-party market intelligence platform in June 2026. This is not the first time LastPass customers have had their information put at risk; LastPass’s major 2022 breach involved cybercriminals stealing backups of customer vault data.
Continue reading to learn the details of LastPass’s 2026 breach, how it fits into the company’s years-long pattern of security incidents and why Keeper® is a more secure alternative for protecting your sensitive data.
Ready to migrate from LastPass to Keeper after this latest breach? Join the thousands of other LastPass customers who have already made the switch.
What to know about the 2026 LastPass breach
Here are the key facts about the 2026 LastPass breach and how it happened:
- The breach happened to a third party, not LastPass directly. Cybercriminals compromised Klue, a third-party market intelligence platform that integrates with LastPass’s Salesforce environment. Instead of breaking into LastPass’s own infrastructure, the hackers stole the OAuth tokens that Klue held to connect to LastPass’s systems, then used those tokens to access LastPass customer data within its Salesforce CRM.
- A variety of LastPass customer information was exposed. According to LastPass, the stolen data includes customer names, phone numbers, email addresses, physical addresses, customer support case information and sales-related records.
- Customer vaults and LastPass infrastructure were reportedly unaffected. LastPass has stated that its products, services and infrastructure were not impacted by this breach and that customer vaults remain secure.
- The stolen data still creates security risks. While vaults weren’t accessed, exposed customer names and contact information give cybercriminals valuable material to carry out convincing phishing attacks. LastPass has recommended that customers be cautious of unsolicited emails or calls, especially from anyone requesting sensitive information.
Why LastPass’s repeated security incidents matter
LastPass’s 2026 breach is one of many the company has suffered in recent years, and each incident erodes customers’ confidence and trust that their credentials are actually secure. This latest breach was also disclosed ten days after LastPass first learned of Klue’s compromise, with the company learning of it on June 12, 2026, but not publicly disclosing it until June 22, 2026. During that time, customers may not have known their personal information might have been exposed, and this delayed approach is one that LastPass also took during its 2022 breach.
This pattern highlights a disturbing reality: Your information can be exposed even if your provider isn’t directly hacked. LastPass’s own infrastructure was not breached this time, but even in a supply chain attack, customer data was still compromised. As organizations connect more tools and platforms, every integration becomes a potential entry point, and one weak link in the supply chain can jeopardize customer information.
Why Keeper is a more secure alternative to LastPass
After several breaches, LastPass users are naturally rethinking where to keep their passwords. Explore our Keeper vs LastPass page to compare track records, security architectures and accountability when it comes to protecting customer data.
Zero-knowledge encryption
Keeper is built on a zero-knowledge security architecture, meaning all encryption and decryption happen locally on the user’s device. The key needed to unlock a vault is derived from a user’s master password and never leaves their device, so Keeper can never see, decrypt or access stored data. This is a crucial distinction: Even if Keeper’s systems were targeted, customer vault data would remain unreadable because the keys to decrypt it aren’t there to steal.
Independent audits and certifications
Keeper is the most certified and audited platform in the industry. It is FedRAMP High Certified and GovRAMP High Authorized and holds SOC 2, ISO 27001, FIPS 140-3 validation and compliance with GDPR, HIPAA and PCI DSS, among other certifications. These represent rigorous, independent assessments that individuals, enterprises and government agencies depend on before trusting a platform with their most sensitive data. Keeper’s platform is also continuously validated by third-party experts through regular penetration testing, an active bug bounty program and a public vulnerability disclosure program to ensure that its solutions are tested, verified and improved consistently.
Clean breach record
Beyond its zero-knowledge architecture and extensive certifications, Keeper has never had a breach of its encrypted vaults or underlying infrastructure. Keeper’s long, unbroken record, backed by zero-knowledge encryption and independent verification, shows that its security model is built to protect customer data even in worst-case scenarios.
Switch to Keeper today to stay protected
Each new LastPass security incident serves as a reminder that protecting sensitive information shouldn’t be left to a tool with a track record of frequent exposure. Fortunately, moving to a more secure password manager like Keeper is simple. Keeper lets you import your existing passwords, folders, shared folders, TOTP codes and file attachments directly from LastPass in just a handful of steps, so you can bring your vault over without re-entering credentials one at a time or losing any of your data in the process. Instead of waiting to find out if another breach will affect you, move to a platform built on zero-knowledge encryption, backed by the most rigorous independent certifications in the industry and supported by a clean record of keeping customer vaults secure.
Start your free trial of Keeper today to protect your passwords and other sensitive data.
Frequently asked questions
How do I switch from LastPass to Keeper?
It only takes a few minutes to import data from LastPass to Keeper. After creating a Keeper account, you can export your existing LastPass vault and import it directly into Keeper. When you do this, your passwords and other stored data will transfer to a Keeper Vault, eliminating the need to re-enter everything manually.
Were passwords exposed in the 2026 LastPass breach?
According to LastPass, customer password vaults and its core infrastructure were not affected by the June 2026 breach. The exposed data from this latest breach was limited to information stored in LastPass’s Salesforce CRM environment, including customer names, contact information and customer support records. However, because that contact information can be used in targeted phishing and social engineering attacks, be cautious of any unexpected messages claiming to be from LastPass, and verify them through LastPass’s official support channels before responding.
Are password managers still safe to use?
Reputable password managers like Keeper are much safer to use than reusing passwords or storing them in insecure places, but what matters most is the tool’s architecture and security. Incidents like the LastPass breaches show why zero-knowledge encryption is essential. With a zero-trust, zero-knowledge platform like Keeper, your data is encrypted and decrypted only on your device. You shouldn’t abandon password managers entirely, but choose one built to protect your data no matter what.
