LastPass, a password manager and cyber security company, has announced that it has been hacked. The company stated that it suffered a data breach in which hackers gained access to password reminders, e-mail addresses and even encrypted master passwords.
“The investigation has shown that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised,” posted LastPass CEO Joe Siegrist in a blog.
LastPass says it discovered and blocked “suspicious activity” on its network. The company is notifying users via email and requiring those logging in from a new device or IP address to verify their account through email. LastPass’ solution allows its 76 million users to remember one strong master password, which is used to access all individual account logins and passwords stored by LastPass in encrypted user vaults.
It’s important to note that this breach does not mean that hackers have full access to the passwords of every LastPass user. However, for users who have a weak master password or have used the same password on another website, there’s a likelihood that hackers could gain access. LastPass is recommending that all users change their master passwords and set up two-factor authentication. Those with weak master passwords or those who reused the master password on other sites are advised to change their passwords immediately.