If you’re using the popular online password vault LastPass, it’s probably a good idea to visit its homepage now and update your master password if prompted, following a hack of the password manager, which takes care of generating and remembering unique passwords for all of the websites and services that you use online.
LastPass says that while some personal information may have been exposed during the cyberattack, main passwords were not accessed and individual passwords to websites need not be changed. Data lost included email addresses (used to log in to the service) and password reminders, as well as some salted keys for encryption.
“…we quickly detected, contained, evaluated the scope of the incident, and secured all user accounts. We want to assure our users that our cyberattack response worked as designed.”
According to LastPass, the requirement that users update master passwords is only to further secure accounts.
The company began contacting users in the early hours of yesterday morning, warning them that it had detected problems on its network. Because of the type of data LastPass holds, it is a frequent target of highly sophisticated attacks – this isn’t the first time the firm has come clean about a security issue (which is a good thing – worse to have a breach and hide it).
In an updated notice posted today on its blog, LastPass seeks to reassure customers that their data is still safe, provided their passwords aren’t easy to guess.
“Encrypted user vaults were not compromised, so no data stored in your vault is at risk (including form fill profiles, secure notes, site usernames and passwords). However if you used your master password for any other website, we do advise changing it – on LastPass as well as on the other websites,” reads a message to users on the password manager’s website.
[Image by CC0/pixelcreatures]