Which Password Managers Have Been Hacked, And Which Ones Should You Use?

Passwords are an essential part of our lives. We use passwords for a variety of purposes, from banking to email accounts and more. But with so many password managers to choose from, which ones should you trust?

Which Password Managers Have Been Hacked, And Which Ones Should You Use?

And should we use ones that we know have been hacked (see also: What Are The Most Hacked Passwords? [20 Examples You Need To Know])in the past? KeePass, LastPass, 1Password, Dashlane are just a few of the many password managers (see also: How To Use Bitwarden)available online.

Unfortunately, not all of them are created equal—some have experienced security breaches in recent years. So what are the safest password managers?

Read on to find out which ones you should steer clear of and which you should use for secure and safe password management.


The popular password manager LastPass was hit by an unknown hacker in 2015. Fortunately for their users, nothing was stolen from their servers before LastPass was alerted to the breach and was able to patch the vulnerability.

One of the most important things that this situation reveals is how vital it is to take advantage of two-factor authentication whenever possible.

How They Dealt With It?

What exactly did LastPass do to increase their security and make sure this kind of breach never happened again?

Enhanced Protocols

LastPass enhanced their security protocols by introducing a multi-layered encryption and two-factor authentication so that user data is kept secure.

Increased Security

They increased security for user accounts by requiring passwords to contain twelve characters with a combination of upper and lowercase letters, numbers and symbols.

Two-Factor Authentication

They implemented two-factor authentication to ensure an extra layer of security for user accounts, requiring a unique code every time a person attempts to log in. This makes it nearly impossible for anyone else to access the account.

New Monitoring Systems

They installed advanced monitoring systems to detect any suspicious activity on user accounts and alert them if any less secure actions occur.


They improved their security through partnerships with Identity Finder, who specializes in detecting weak credentials, and RSA, who created strong encryption technology. These industry leaders help LastPass strengthen its system and keep their data secure.


1Password is another popular password manager company that has long been considered one of the most secure services (see also: Google Chrome Vs Firefox: Which Service Is The Most Secure?)to use when it comes to storing encrypted data online.

While they have experienced some security breaches over the years, none have been serious enough to warrant extensive changes or replacement suggestions from experts in IT safety or encryption standards.

The 1Password team also emphasizes making use of two-step verification whenever possible to avoid any type of compromise in accounts registered with their service—which other companies should also employ, but too often neglect this recommendation altogether.

When a breach happens, Diode IPassword uses an internal alert system that notifies personnel within the company when there is a possibility of the system being compromised.

Their IT team then works quickly and discreetly to check databases and analyze site code in order to identify any vulnerabilities that could have caused the breach.

Once they have identified any possible areas of concern, they take immediate action by implementing new protocols such as resetting passwords and deploying necessary patches or updates.

They also notify appropriate authorities if additional measures need to be taken, such as investigations into who was responsible for the attack or identifying any intellectual property violations.



The Keeper Security data breach happened in May 2019, and it affected more than 14 million people, compromising a massive amount of sensitive information. The Keeper Security data breach primarily affected users of its mobile password manager applications.

Anyone who had an account with Keeper or those that used their passwords stored on Keeper were potentially at risk of having their personal data fall into malicious hands.

How They Dealt With It?

The company took quick action to ensure that customer accounts were protected, and all necessary safeguards were put in place. Here’s what Keeper did to address being hacked in 2019.

Full Investigation

Keeper conducted a comprehensive investigation into the data breach and provided a statement to customers about the breach and the steps that had been taken.

They also offered resources for those who may have been impacted by the breach, with aid for recovering from identity theft or other financial losses.

Monitored Customer Accounts

Keeper monitored customer accounts for unusual activity that indicated further hacking attempts, and took measures such as IP address bans or additional authentication requirements if any suspicious activity was detected.

Strengthened System Security Measures And Enhanced Data Protection Techniques

Keeper implemented new security measures, such as AI threat intelligence agents and machine learning algorithms to detect fraud faster, and tokenization as well as revising login identities for better data protection.

Implementation Of AI

Keeper has implemented new technologies such as AI agents, real-time analytics, advanced monitoring systems and machine learning algorithms to detect fraud.

They have also enhanced data protection techniques such as tokenizing customer data and regularly auditing user login identities with updated passwords for optimal security.


Dashlane has been praised for its innovation regarding digital identity theft prevention; however, it was found vulnerable back in 2019 due to phishing attempts associated with malicious links linked within emails sent out by Dashlane itself!

How They Dealt With It?

Deployed Multi-Level Security Checks

Dashlane has implemented multi-level security checks and extra safety measures on their platforms to protect user accounts from malicious actors. These measures help ensure that any sensitive data is kept secure when users log into their Dashlane accounts.

Compensate Users Affected By Hacking

Dashlane offered an immediate compensation package for those users that were affected by this data breach, making sure those impacted were notified and given a financial restitution as an apology for any inconvenience caused.

The compensation also provides peace of mind in knowing that considerable steps are being taken to help guarantee user safety going forward.

Increase Transparency

Dashlane stated that it would increase overall transparency around instances like this so that customers can always be effectively informed about all issues coinciding with security and privacy concerns before they arise again in the future.

Furthermore, Dashlane committed itself to regularly update all its stakeholders on both new agreements signed between companies and additional strategies put into effect after major incidents such as the one in 2019.

Encourage User Education

Dashlane has provided educational campaigns along with articles through multiple outlets intended to effectively educate members on best practices when it comes to cyber (see also: What Is Whaling Cyber Awareness?)safety and digital protection against fraudsters.

Besides launching this campaign nearly immediately after the incident, they continuously published informative blogs regarding other security domains every day since then.

Which Ones To Use?

Given the security measures implemented by all the companies above, it is safe to say that either one of these password managers can be used with confidence. All have taken steps to protect user data and increase transparency around any potential incidents.

Additionally, all companies have provided educational campaigns to help users better understand how to protect their passwords and personal information online. Ultimately, the decision of which password manager to use comes down to personal preference.


The right choice for everyone will depend on their needs for security versus convenience. While there are no “secrets” when it comes to finding the perfect password manager suitable needs—do pay attention to the best practice techniques mentioned.

Choose a company that prioritizes personal data safety. Never forget to enable two-factor authentication wherever applicable to ensure ultimate protection.

Matt Anderson
Scroll to Top