LastPass hacked, urges all users to change master password
Popular password manager LastPass is urging its users to change their master password after discovering unauthorised activity on its network last Friday. While users' personal password databases were not stolen, LastPass account email addresses, password reminders, server per-user salts and authentication hashes were compromised.
LastPass believes that its encryption measures are strong enough to ensure the vast majority of user accounts are still protected, but advises users to update their password nonetheless. In addition, users who log in from a new device or IP address will first have to verify their account by email, unless they already have multifactor authentication enabled.
"Security and privacy are our top concerns here at LastPass," wrote LastPass CEO Joe Siegrist on the company's official blog. "Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we’re working with the authorities and security forensic experts."
LastPass is also advising subscribers who have reused their master password on other accounts to update those as well.