LastPass has disclosed its third major security breach, with attackers gaining access to encrypted password vaults of 25 million users through a compromised employee development environment.

What Was Stolen

Attackers obtained encrypted vault data, email addresses, and password hints. While master passwords weren't directly compromised, users with weak master passwords are at significant risk of vault decryption.

Expert Recommendation

Security experts are universally recommending users abandon LastPass and migrate to competitors. Bitwarden and 1Password are the most recommended alternatives.