HELP FILE
Help! I think my LastPass account has been compromised!
If you're concerned that your LastPass account may have been compromised but still have access to your account, please log in to LastPass immediately and follow the steps below.
Kill all other active sessions
- In your web browser toolbar, click the inactive (grey or black) LastPass icon.
- Enter your email address and master password, then click Log In.
- If prompted, complete steps for multifactor authentication (if it is enabled on your account).
- Click the LastPass icon in your browser toolbar.
- Select Account Options OR <your username> at the bottom of the menu.
- Select .
Review your account history
- Log in to LastPass and access your vault by doing either of the following:
  - In your web browser toolbar, click the LastPass icon and select Open My Vault.
  - Go to https://lastpass.com/?ac=1 and log in with your email address and master password.
- If prompted, complete steps for multifactor authentication (if it is enabled for your account).
- Go to .
Tracking login and Form Fill history is enabled for all LastPass accounts by default.
Restrict your account to only trusted devices
- While logged in to LastPass, click the LastPass icon in your web browser toolbar.
- Select Open My Vault.
- Select Account Settings in the left navigation.
- Select the Mobile Devices tab.
- Remove any unknown or stolen devices from this list.
Restrict your account to only trusted locations
- While logged in to LastPass, click the LastPass icon in your web browser toolbar.
- Select Open My Vault.
- Select Account Settings in the left navigation.
- Click Show Advanced Settings at the bottom.
- In the "Security" section for Country Restriction, check the box to enable the Only allow login from selected countries setting, then check the boxes of all countries from which you want to approve LastPass access.
- Click Update when finished.
Change your master password
Update your LastPass account email addresses
If your email address has also been compromised, it is recommended that you update your LastPass account email address using a different email address, as well as your security email address (if you had set one up prior to being compromised).
If you have lost access to your LastPass account...
Revert your master password
Navigate to https://lastpass.com/revert, enter your email address, then click Send Email. Learn more about reverting your master password.
Delete your LastPass account (very last resort)
If you are unable to revert your master password, it is recommended that you delete your LastPass account.
It is highly recommended that you begin changing your passwords for sensitive accounts (e.g., banking, email, social media, etc.) by generating secure passwords.
- Run antivirus, anti-malware, and security suites to scan your computer and remove all suspicious files.
- Enable multifactor authentication for an additional layer of security.
- Consider enabling LastPass Credit Monitoring alerts so that you are notified if there is suspicious activity on your credit report.
- Export your passwords and secure notes periodically and store them safely.
- Use the Security Dashboard for viewing your security score and managing dark web monitoring alerts (if enabled).
- Require a re-prompt for your master password when accessing various settings of your LastPass account.