While the LastPass “vault” (where your encrypted passwords are stored) is safe, LastPass was hacked:

LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

That sounds bad, but LastPass says no password vaults were accessed, and that means your passwords are still safe.

Just in case, LastPass is requiring email verification when logging in from a new device or IP address. It will also prompt users to change their master password (the password you access LastPass, not the passwords stored in LastPass).

If you’re a LastPass user, you might as well do that right now.

(h/t Tony Webster)