LastPass Reveals Breach That Compromised User Data
LastPass has revealed that it was recently breached and that some account data was compromised as a result. The company says it made the discovery this past Friday, when it found (and subsequently blocked) "suspicious activity" on its network. According to LastPass, encrypted user vault data doesn't seem to have been taken, and there is no sign that users' accounts were accessed. However, some account details, such as email addresses, were compromised, so users need to update their master passwords, among other things.
LastPass is a password management service that makes it easier to log into other websites, and it says that despite the breach it is "confident that" its security measures are "sufficient to protect the vast majority of users." According to the company, email addresses, password reminders, server per-user salts, and authentication hashes were all compromised in this breach.
To ensure that no users are harmed as a result of the breach, LastPass says it will notify users by email, and that they will need to verify their account via their email address when logging in from a new IP address or a new device. This will help ensure that user accounts aren't accessed by whoever caused the breach.
In addition, users will see a prompt to update their master password if it is weak or has been reused. The company says it isn't necessary to change the passwords for websites that are stored in the vault. However, it is suggesting multi-factor authentication for additional protection.
SOURCE: LastPass Blog