LastPass Discovers 'Suspicious Activity,' Account Email Addresses, Passwords Compromised

By Kamal Nayan - 16 Jun '15 10:30AM

LastPass, a popular password manager, recently discovered 'suspicious activity' on the network. In a blogpost, it said neither encrypted user vault data was taken, nor that LastPass user accounts were accessed.

However, it mentioned that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.

Emails are being sent to all users regarding the security incident. Users logging in from a new device or IP address first need to verify their account by email. The service would also ask users to update the master password.

"Security and privacy are our top concerns here at LastPass. Over the years, we have been and continue to be dedicated to transparency and proactive measures to protect our users. In addition to the above steps, we're working with the authorities and security forensic experts," the company added in a blog post.

The company recommends enabling multifactor authentication for added protection for the account.

Fun Stuff

The Next Read

Real Time Analytics