LastPass incident

LastPass - Users reporting being unexpectedly logged out

Minor Resolved View vendor source →

LastPass experienced a minor incident on August 29, 2025 affecting Other and Vault, lasting 6d 17h. The incident has been resolved; the full update timeline is below.

Started
Aug 29, 2025, 09:16 PM UTC
Resolved
Sep 05, 2025, 03:00 PM UTC
Duration
6d 17h
Detected by Pingoru
Aug 29, 2025, 09:16 PM UTC

Affected components

OtherVault

Update timeline

  1. investigating Aug 29, 2025, 09:16 PM UTC

    We are actively investigating reports that some users are unexpectedly being logged out of the Chrome extension. Our engineers are working to identify the issue and will provide another update shortly.

  2. identified Aug 29, 2025, 10:09 PM UTC

    Our engineers have identified the issue and are now actively working towards a resolution. We will provide another update shortly.

  3. monitoring Aug 29, 2025, 11:35 PM UTC

    We have confirmed that the issue has been resolved in Chrome and are preparing the rollback of the release on all supported browser extensions. We will continue monitoring this issue through the weekend and release an RCA in the following week.

  4. monitoring Aug 30, 2025, 01:15 PM UTC

    We will continue monitoring this issue through the weekend and release an RCA in the following week.

  5. resolved Sep 05, 2025, 03:00 PM UTC

    We have confirmed that the issue has been resolved. We will conduct an internal review of this issue to help prevent or minimize future recurrence and release an RCA in the following week.

  6. postmortem Sep 23, 2025, 05:40 PM UTC

    Summary LastPass received notifications from a sub-set of customers that they were being logged out while updating to the new extension version if their vault was opened in a separate window. We reviewed the observability metrics to confirm an above average number of customer logouts. Rollbacks of the latest extension version were triggered and submitted to the stores that were on the new version. Date Issue Start Time \(UTC\): 8/29/2025 15:00 UTC Issue End Time \(UTC\): 8/30/2025 14:00 UTC Products Impacted **extension version 4.146.6** **Chrome 4.146.6 was ramped 20%** **Safari 4.146.6 was ramped 100%** **Edge 4.146.6 was ramped 100%** Root-Cause Recent updates to the LP extension aimed at preventing clickjacking vulnerabilities inadvertently introduced a coding issue that affects certain edge cases when opening the SPA vault. As a result, some users experienced unexpected logout events. Future Preventative Measures There are multiple future mitigations for this planned: 1. Automated testing will cover the identified edge cases. 2. Based on the identified error scenarios, we extended our monitoring capabilities to ensure earlier detection. Related issues N/A