LastPass, a popular password manager, has revealed that its customers’ encrypted password vaults were stolen in a data breach earlier this year. The company’s CEO, Karim Toubba, stated that the attackers gained access to a copy of a backup of customer vault data through stolen cloud storage keys belonging to a LastPass employee. The vaults, which are encrypted and can only be unlocked with the customer’s master password, contain both encrypted and unencrypted data. While LastPass assured that the vaults are secure and can only be accessed with the correct master password, the company warned that the attackers may try to use brute force to guess the master password and decrypt the stolen vault data. LastPass customers are advised to change their master password to a new and unique one, and to prioritize changing the passwords for critical accounts, such as email and financial accounts, which are protected with two-factor authentication.