LastPass Hacked: what this means for youJune 16, 2015 – 4:28 AM
Online security company LastPass published an announcement yesterday on the official company blog that it detected and blocked suspicious activity on the company network.
According to the information posted on the blog, the company did not find evidence that LastPass user accounts were accessed or user vault data was downloaded. The company did not mention when it first noticed the breach but some users reported that they started to receive spam to email addresses used exclusively for the password manager account on June 8th.
LastPass’ investigation confirmed that account email addresses, password reminders, server per user salts and authentication hashes were compromised.
The company, confident in the service’s protective features, enabled additional security measures for the majority of accounts.
For instance, it requires all users to verify the account by email again if a new device or IP address is used to access the account. This is not the case for log ins on known devices or from known IP addresses, and also only the case if multi-factor authentication is not used.
In addition to that, users will receive prompts to update their master password.