The biggest password manager in the world, LastPass, has acknowledged that during a data breach earlier this year, hackers obtained the encrypted password vaults—which contain customers’ passwords and other sensitive information—of its users. According to LastPass CEO Karim Toubba in an updated blog post on the company’s disclosure, the hackers accessed a backup of user vault data using cloud storage keys obtained from a LastPass employee. Although technical and security details of this proprietary format were not released, it is assumed that it contains both encrypted and unencrypted vault data and is used to store the cache of customer password vaults. The unencrypted data includes web addresses that are kept in a vault, but LastPass does not provide any additional details or context. It’s unknown how recent the stolen backups are.