LastPass - Encrypted password storage application breached.
On June 15th, LastPass, the makers of a well-known password manager, announced that their security team discovered and blocked suspicious activities within their system. Hackers strike again! “We are confident that our encryption measures are sufficient to protect the vast majority of users” was the quote in the press release. I would feel a lot better if they said “all” instead of “vast majority”.
They believe that Last Pass account e-mail addresses, password reminders, server per user salts, and hashes were compromised. However, they feel like the bad guys did not get much. Time will tell.
In the meantime if you are a customer of LastPass, they recommend that you change your master password once you see the prompt to do so. Give them time to tighten up security before changing that password. From what they are saying right now more than likely your vaulted passwords that you have stored are okay. “Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your Last Pass Vault… We also recommend enabling multifactor authentication”
F1 Solutions is currently in the testing phase of evaluating a competing product that we feel has a much stronger encryption process. We will evaluate this product for about a month. If all goes well, we will announce it to you shortly after that.