You Should Be Changing Your Lastpass Master Password Right Now


Those things that we were excited about after watching the pilot of new television show Mr Robot? They’re real.

What happens to you when the service that promises to securely keep your most sensitive information away from the bad guys also gets hacked? It happened when security firm Kaspersky got hacked not long ago and it also happened over the last few weeks as Lastpass, one of the world’s best password managers, was hacked.

I woke up to the following email in my inbox:

Lastpass hacked 1

Lastpass says, in a blogpost, that while user accounts weren’t access nor was any data wiped during the breach, user information like account email addresses and password reminders may have been compromised. While in the above communication the company doesn’t advise users to explicitly change their master passwords, it promises it will be doing so in another communication. It is currently in the process of notifying all users.

We recommend that you change your master password as soon as you can and enable two-step authentication as well, since Lastpass supports that. There’s no need to change your individual account passwords though since they weren’t affected. If one of those is similar to your master password then you may want to change it.

As part of new security measures, Lastpass will be requiring users logging in from a new device or IP to verify their account via email.

A new image posted on Imgur shows that Lastpass may have been hacked as early as three weeks ago.

Lastpass hacked 5

This is not the first time Lastpass has been breached. The password managing service that serves both individuals and enterprise customers was last hacked four years ago.