LastPass Hacked, Change Your Master Password Now
Bad news first, guys. LastPass, our favorite password manager ( and yours ) has been hacked. It’s time to change your master password. The good news is, the passwords you’ve saved for other sites should be safe.
LastPass announced on their company’s blog that they have detected an intrusion on their servers. While the encrypted user data (read: your saved passwords for other sites) was not stolen, the attackers took the LastPass account email addresses, password reminders, per-user server salts, and authentication hashes. The latter is used to tell LastPass that you have permission to access your account.
According to LastPass, authentication hashes must be encrypted enough so that no one can use them to access your account. However, the company still invites all users to update their Master Password, which they use to log into their LastPass account. If you are using LastPass, you should do so immediately. If you share this master password with other services, you should also change it there. Finally, if you haven’t turned on two-factor authentication, you should do it immediately here .
We’ve already talked about what happens if LastPass gets jailbroken earlier . As it stands, this hack does not appear to have resulted in any significant data loss for users. However, it is still important to take the steps necessary to secure your account as soon as possible.
Note . It looks like the LastPass servers are breaking down right now, so if the password change doesn’t happen, check back frequently throughout the day until it does.
LastPass Security Notice | LastPass