Why am I being asked to share information with Enzoic?

The dark web monitoring feature in the Security Dashboard of your LastPass Vault has an integrated partnership with Enzoic (formerly known as PasswordPing).

When you click Start monitoring (as an end user) or enable the "Control dark web monitoring" policy (if you are a LastPass Business admin), you grant permission for LastPass to share a hashed version of the email addresses associated with your stored items from your LastPass Vault with Enzoic's monitoring system so that they can be checked against a database of email addresses leaked in known breaches. If Enzoic determines that any of your email addresses have been compromised, LastPass relays this information to you in the form of a dark web monitoring alert (via email and within the Security Dashboard) and instructs you to take action.

LastPass operates on a zero-knowledge security model, where all encryption and decryption occurs locally on the user's device, not on our servers. This means that your sensitive Vault data is only transferred to LastPass once it has been encrypted, and never travels over the Internet unencrypted. The same is true for our partnership with Enzoic. Your passwords are never transferred or visible to anyone (because they remain encrypted) – only a hashed version of your email addresses for your Vault item entries are provided to Enzoic in order to monitor it against their database of compromised email addresses. Please be aware that only your hashed email addresses will be shared with Enzoic, and that they will not be used for any purpose other than monitoring for security breaches.