LastPass Breach of 2022

LastPass notified us of a security incident in August 2022. We were informed in January 2023 by LastPass representatives that all customer vaults were in the encrypted backup that was acquired by the attackers. This means your credentials could be susceptible to exposure.

In order to reduce the likelihood of any active passwords being exposed, we recommend all LastPass users do the following:

  • Once your primary password has been updated, update all sensitive passwords in your vault, e.g. banking or payment sites. 
    • Make a risk based decision on changing other passwords. Lower risk account passwords do not need to be changed immediately, but can be changed as they are accessed in the future

Need help? 

See our FAQ on this incident

Support for LastPass is provided by LastPass. See:

For assistance with your non-Berkeley Duo account, contact Duo directly:

Report suspected security incidents to

Questions about LastPass Business accounts can be directed to

Find out what LastPass has to say on this blog post, which they update periodically.