While the LastPass “vault” (where your encrypted passwords are stored) is safe, LastPass was hacked:

LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

That sounds bad, but LastPass says no password vaults were accessed, and that means your passwords are still safe.

Just in case, LastPass is requiring email verification when logging in from a new device or IP address. It will also prompt users to change their master password (the password you use to access LastPass, not the passwords stored in LastPass).

If you’re a LastPass user, you might as well do that right now.

(h/t Tony Webster)

  • Paul McGuire

    Considering I have two levels of 2 factor authentication enabled I am not worried by this. It won’t let you say “I forgot my key generator app” and then also “I don’t have my printed grid of keys to access the account.” If you don’t have one of the two you can’t get into the account. That is a nice comparison to, say, PayPal, which allows you to say “I can’t access my phone” and somehow bypass the two factor authentication part.