LastPass has asked all users to update their master passwords following a data breach that allowed email addresses, password reminders, authentication hashes, and other information to be compromised. The company insists your login data remains secure, but it is taking precautionary measures to be sure.
“We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network,” LastPass explains in an announcement on its blog. “In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed.”
Your passwords and other login information should be safe, then, but “email addresses, password reminders, server per user salts, and authentication hashes were compromised,” LastPass says.
As a result, the company is taking precautionary measures to keep your data protected. All users must change their master passwords when logging into their LastPass accounts, and those logging in on new devices or from a new IP address must first verify their account by email.
Because encrypted data wasn’t taken, you don’t need to change the passwords you have stored in LastPass, the company says. However, if you use your LastPass master password to log into any other websites, then you will need to change those.
LastPass assures customers that security and privacy are its “top concern,” and it apologizes for the inconvenience the breach has caused. It is now working with the authorities and security forensic experts to establish who gained access to its network.