Can you trust LastPass in 2026? Inside the multimillion-dollar quest to rebuild its security culture

ZDNET interviews LastPass CEO Karim Toubba about the fallout from the company’s 2022 breach—where attackers accessed the development environment, stole source code and technical data, obtained customer metadata, and accessed encrypted vault backups after compromising a senior engineer’s home computer—and details the firm’s multi-year security revamp, including locked-down employee devices, hardware-based authentication, strengthened training, third-party audits, and new features aimed at improving security for both consumers and businesses.