LastPass Warns of Data Breach
We received the following from LastPass today (16 June 2015). All of you who have LastPass accounts should have received this. We think it would be a good idea to change your LastPass Master Password as soon as possible. While no secure data was stolen, email addresses and not encrypted data might have been. Changing your password for all your accounts frequently is recommended anyway -and this is a good reminder that you, above all, are responsible for protecting your private data.
Now, the letter from last page (image) followed by the text:
LastPass users received this email on 16 June 2015.
Dear LastPass User,
We wanted to alert you that, recently, our team discovered and immediately blocked suspicious activity on our network. No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised.
We are confident that the encryption algorithms we use will sufficiently protect our users. To further ensure your security, we are requiring verification by email when logging in from a new device or IP address, and will be prompting users to update their master passwords.
We apologize for the inconvenience, but ultimately we believe this will better protect LastPass users. Thank you for your understanding, and for using LastPass.
Regards,
The LastPass Team
I have been a LastPass customer for years now and have always liked and trusted them. My opinion of them has not changed; but, I was surprised to find out that the customer’s passwords are stored in the cloud with LastPass. Today I changed password managers to one that actually stores all of my password information on my computer and not in the cloud. I am confident the information is safe there since I am well protected with the Windows Firewall and Emsisoft Anti-Malware….plus the fact that I am my PC’s only user.
I actually prefer having my passwords stored in the cloud. That way I can access them from any computer. I only have the LastPass application installed on my home computer. Not on my laptop or my tablet. I have to sign into it, each time I use Last Pass on any other device that way.
I have changed my master password and hope I can remember it and the way I typed it. Hopefully it is strong enough.
This came from Krebs on Security on 6/12/2015″ I am hearing about so many different retail breaches at retail and restaurant chains right now that I could do nothing but write about them full time and still fall behind”.
I believe that. This is not counting just what happened to the government. I guess what I’m trying to say, this above does not surprise me with everything else going on. It is like it is a field day for everybody that wants to try. You have more to gain than to lose…
I have enough room on robo so I just manually transferred and went to my sites and changed the passwords for each one that way last pass will not be a problem but you have to change the passwords for each site that is protected . It is a hassle but it is better than having a way to access your sites in the cloud where it has been compromised.