LastPass-AH-1

PSA: Change your LastPass Password Immediately

June 15, 2015 - Written By Alexander Maxham

LastPass, one of the most popular password storing services out there, has published a blog post basically saying that they’ve been hacked. Which means it’s time to change your password. If you use LastPass, please don’t take this lightly, as all your passwords are stored in LastPass, and could be catastrophic for users. However, a simple password change can fix all of that. Make sure you change that master password and make it a pretty tough one. That way it’s tougher to get hacked.

The company posted on their blog this afternoon:

“We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.”

So LastPass has identified and fixed the suspicious activity that appeared on their network. Always a good sign. Especially for a company that basically only deals with passwords. LastPass is also emailing all of their users regarding this issue, and telling them to change their passwords as soon as possible.

However, if you are logging into your account from a new device or IP address, you will be asked to verify your email address before logging into your account. Unless multi-factor authentication is enabled, as described in their blog post:

“Nonetheless, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.”

LastPass has been around for quite some time, and for most people it’s one of the best services to keep track of all your passwords. Many of us have multiple passwords, and usernames for all the websites we use daily or even on a weekly basis. It’s a good sign that LastPass is going this far to protect their customers.