LastPass Hacked, Change Your Master Password!
Today we have some bad news, LastPass which is the most loved password manager has been hacked. It’s time to change your master password. The good news is, the passwords you have saved for other sites should be safe.
LastPass has announced on their company blog that they detected an intrusion into their servers. While encrypted user data (read: your stored passwords for other sites) was not stolen, the intruders did take LastPass account email addresses, password reminders, server per user salts, and authentication hashes. The latter is what’s used to tell LastPass that you have permission to access your account.
According to LastPass, the authentication hashes should be sufficiently encrypted to prevent anyone from using them to access your account. However, the company is still promoting all users to update the master password that they use to log in to their LastPass account. If you use LastPass, you should do this immediately. If you share that master password with any other services, you should change it there, too. Last but not least, if you haven’t enabled two-factor authentication you should do that immediately here.