LastPass just got hacked: Time to change your master password


Lost in speed
Password-storing cloud biz LastPass is urging its users to change their master passwords after hackers broke into its network.
The intrusion reportedly happened on Friday afternoon, but many LastPass users are only learning about it now. LastPass last had a security scare in 2011.

"In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed," CEO Joe Siegrist said in a blog post on Monday. "The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised."

As a result, the company is requiring all users who login to the service from a new device or IP address verify their identities via email or two-factor authentication.
Users will also be prompted to reset their master passwords, and LastPass is reminding them that if they used their master passwords as a password on any other site, to change the passwords on those sites, too.

LastPass just got hacked: Time to change your master password • The Register


Wise Old Owl
I use Lastpass extensively, have a very long master password in mnemonic form which took some time to memorize. I have enabled two-factor authentication with Google authenticator after reading this. Do i need to change the master pwd?
Top Bottom