LastPass is a service that manages your logins by remembering your passwords, so you can imagine the havoc that could be wreaked if someone were to hack the company’s database and get at all that juicy, luscious login info. In a new blog post, the company says it has no reason to believe that any passwords have been compromised, but some data may have been and LastPass is now prompting users to update their master passwords.
The post states that the LastPass security team “discovered and blocked suspicious activity on our network,” on June 12. “In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”
The company is now notifying users by e-mail. If you log in from a new device or IP address, you’ll need to re-verify your account by e-mail, though users who employ two-factor authentication will not have to go through this step. LastPass is also recommending that people update their security settings to include two-factor authentication.
“As an added precaution, we will also be prompting users to update their master password,” reads the blog post. “If you have a weak master password or if you have reused your master password on any other website, please update it immediately. Then replace the passwords on those other websites.”
LastPass claims that any passwords stored with LastPass need not be changed because of the encryption system it uses.
“We apologize for the extra steps of verifying your account and updating your master password, but ultimately believe this will provide you better protection,” writes the company.
by Chris Morran via Consumerist