Security News > 2024 > May > LastPass is now encrypting URLs in password vaults for better security
LastPass announced it will start encrypting URLs stored in user vaults for enhanced privacy and protection against data breaches and unauthorized access.
With most of the hardware performance constraints of the past now having been lifted, LastPass can now start encrypting/decrypting those URL values on the fly without the user noticing any hiccups in browser performance while enjoying ultimate data security.
"Encrypting URLs associated with your accounts, just like every other private field in the LastPass vault, will expand our zero-knowledge architecture and enhance customer privacy, while also helping to further mitigate risk by ensuring that URLs related to specific services or accounts saved within their vault remain private."
In 2022, LastPass suffered two breaches that ultimately allowed threat actors to steal source code, customer data, and production backups, including encrypted password vaults.
The stolen data also included unencrypted URLs associated with password entries, providing valuable insight into which password vaults could be targeted to steal credentials to financial services, like cryptocurrency exchanges.
These six values concern the equivalent domain URLs, wildcard URLs, redirect URLs, user-defined custom URLs, URLs stored in user notes, and historical URLs.