According to a new blog post from LastPass, suspicious activity on their server late last week may have compromised some user data. LastPass says a “vast majority” of their users are safe, but also note personal data was accessed.
While the activity was quickly noticed and blocked, LastPass writes “in our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”
LastPass goes on to note that any users who may have a weak master password should change theirs quickly, and it will notify any users who may have been compromised via email. Users who log in via a new device or IP address will be asked to verify their account via email unless they have multifactor authentication activated.
Even if you weren’t compromised, this serves as a good reminder that keeping your passwords fresh is always a good idea.
➤ LastPass security notice [LastPass]