Cybercriminals are increasingly focusing their attacks on password managers like 1Password, LastPass, and NordPass.
According to a 2023 Security.org study, about one in three people use a password manager, which has made these services prime targets for hackers.
A 2025 report from cybersecurity firm Picus Security revealed that attacks on password managers and other credential storage services have tripled from the previous year.
These services, including browser-stored credentials, have become a major focus for hackers. In fact, 25% of all malware variants targeted these tools.
Researchers noted that, for the first time, stealing credentials from password stores ranked in the top 10 techniques in the MITRE ATT&CK Framework, a system for categorizing cyberattacks.
Hackers are using increasingly sophisticated methods, such as “SneakThief”, a multi-stage malware attack that operates with greater stealth, persistence, and automation. This malware can extract data without getting noticed.
With so many accounts and logins to manage, people turn to password managers, but hackers are adapting their strategies to steal more than just one set of credentials—they aim to access everything.
Experts recommend using multi-factor authentication and never reusing passwords, especially for your password manager.
