A notice appeared on the official LastPass blog indicating that the company's servers have been compromised. Suspicious activity on the company's network was noticed last Friday.
The LastPass team claims that the encrypted user data is safe, but an investigation revealed that the attackers gained access to email addresses, password reminders, salts, and user authentication hashes.
We are sure that our encryption measures are enough to protect the vast majority of users. LastPass enhances the authentication hash with a random salt value and 100,000 iterations of PBKDF2-SHA256, in addition to the iterations performed on the client side. These defenses will make it harder to attack stolen hashes at any speed.
However, LastPass takes extra steps to ensure that your data remains secure. To log in from a new device or IP address, you will need to confirm your account if two-factor authentication is not enabled.
As an extra precaution, all users are encouraged to update their master password.
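The salted, iterated hashing the notice describes can be sketched as follows. This is an added example, not LastPass's code: only PBKDF2-SHA256 and the 100,000 server-side iterations come from the notice, while the client-side construction, its iteration count, the salt length and all function names are assumptions.

```python
import hashlib
import hmac
import os
import time

SERVER_ITERATIONS = 100_000  # server-side count quoted in the notice
CLIENT_ITERATIONS = 5_000    # assumption: the notice gives no client-side count


def client_auth_hash(email: str, master_password: str) -> bytes:
    """Client side (assumed construction): stretch the master password
    before anything is sent, so the server never sees the password."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(),
                               email.lower().encode(), CLIENT_ITERATIONS)


def server_enroll(auth_hash: bytes) -> tuple[bytes, bytes]:
    """Server side: random per-user salt plus 100,000 more iterations."""
    salt = os.urandom(16)  # assumed salt length
    stored = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ITERATIONS)
    return salt, stored


def server_verify(auth_hash: bytes, salt: bytes, stored: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac("sha256", auth_hash, salt, SERVER_ITERATIONS)
    return hmac.compare_digest(candidate, stored)


def seconds_per_check(email: str, password: str, salt: bytes, stored: bytes) -> float:
    """Wall-clock cost of one full client+server derivation on this machine.
    Testing any password against a stored record costs this much per attempt."""
    start = time.perf_counter()
    server_verify(client_auth_hash(email, password), salt, stored)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Constructed sample accounts: two users sharing one master password.
    pw = "correct horse battery staple"
    a = client_auth_hash("alice@example.com", pw)
    salt_a, rec_a = server_enroll(a)
    salt_b, rec_b = server_enroll(client_auth_hash("bob@example.com", pw))
    print("same password, different records:", rec_a != rec_b)
    print("correct password verifies:", server_verify(a, salt_a, rec_a))
    bad = client_auth_hash("alice@example.com", "password1")
    print("wrong password verifies:", server_verify(bad, salt_a, rec_a))
    print(f"one check costs {seconds_per_check('alice@example.com', pw, salt_a, rec_a):.3f}s")
```

The per-check cost applies to every password tested against a stored record, which is why the iteration count slows attacks on the hashes but does not rescue a weak master password.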