product icon
What is dark web monitoring?

What is dark web monitoring?

    The dark web monitoring feature evaluates all of your stored email addresses in your vault items, and alerts you immediately – via email notification and within the Security Dashboard – if any of your email addresses have been found in the database of breached credentials.

    Tip: Are you a LastPass admin for a LastPass Business account? You can manage the "Control dark web monitoring" policy and its settings for your end users.

    If you have compromised email addresses, you are guided through steps to change your password for the site associated with the breach. You can also manage the email addresses you want to exclude from being monitored. Learn how to enable dark web monitoring and manage your dark web monitoring alerts.

    You can stop monitoring any email addresses that you want to exclude, but if you change your mind, you can always start monitoring the email address again so it is included in dark web monitoring.

    A hashed version of your email addresses will be monitored and will not be used for any purpose other than monitoring for security breaches.
    Notice: In addition to providing real-time monitoring of your email addresses, LastPass retroactively checks against breaches for up to one year prior to the date that dark web monitoring becomes enabled (only once, at the time of sign-up).
    Note: For individually shared items, the email address associated can only be monitored within the sharer's Security Dashboard. For example, if you share a vault item that has a monitored email address, it will only be monitored within your own Security Dashboard. Alternatively, if a vault item is shared with you, then the email address will only be monitored within the sharer's Security Dashboard and not yours.

    Additionally, shared folder items (i.e., items within a shared folder that have been shared with you) that have email addresses associated with stored site password entries will not be monitored.

    Note: This feature is not available in the LastPass apps for iOS and Android, however, mobile users can run the Security Challenge on their device if they are subscribed to a LastPass Premium, Families, Teams, or LastPass Business planor if mobile is set as a primary device for running the Security Challenge. .
    Start monitoring an email address for dark web monitoring


    Note: Dark web monitoring evaluates the following number of emails depending on your LastPass Plan:
    • LastPass Free: 10 email addresses
    • LastPass Premium, Families, Teams, Business, or Trial: 200 email addresses

    You can start, stop, or add new email addresses that you would like to have monitored.

    Restriction: If you have a LastPass Teams or LastPass Business account, the ability to perform these actions may be limited or prohibited due to policies enabled by your LastPass admin.