Many of us use LastPass for an easy way out to avoid the pain of filling our passwords all the time, however, with this news you might want to change your passwords again. The company’s latest blog post spills that there had been some suspicious occurrence recorded on its network.
Although LastPass states that the vault, which stores user passwords, has not been accessed, the company is still alerting users to change their master passwords in order to steer clear of trouble – especially if the same email/password combo is used elsewhere. It’s only a matter of time before that master password is cracked (the vault data requires a lot more work).
The company was readily able to block the suspicious activity detected last week. The investigation made on the case revealed that some user data was accessed: those are, Password reminders, LastPass account e-mail addresses, and authentication hashes.
The blog post reads:
“Nonetheless, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multi-factor authentication enabled. As an added precaution, we will also be prompting users to update their master password.”
This looks like an important alert message that LastPass is trying to convey to its users, so that their account’s security doesn’t get compromised any further.
LastPass is especially alerting the users with weak passwords, or the users who have used the password on different websites to change the password as soon as possible. The company is also suggesting users to ‘enable multi factor authentication’ so that their account stays safe.
Obviously, a number of observers have warned that using a cloud service to store password exposes users to exactly this kind of threats. At the moment, and despite the reassuring words from LastPass, there is no way to truly know the extent of the damage.