LastPass announcement this morning: "We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised."Some more details at Ars Technica.I'm a long time LastPass user but am not particularly worried about this as my master password was fairly strong and not guessable. As a precaution I changed my account password and vault master password this morning anyway and I recommend that you do too, as well as take a look through the additional security settings available such as multi-factor authentication, geo-restrictions, trusted devices, etc...
↧