LastPass, a popular service that encrypts passwords for subscribers, said it detected suspicious activity on its site Friday and is advising users to change their master passwords.
The company said that its investigation shows that user account email addresses, password reminders, authentication hashes and server per user salts were compromised.
LastPass passwords can be accessed only through use of a master password.
In a security notice, the Fairfax, Va., company said it found no evidence that encrypted user vault passwords were taken nor any user accounts accessed.
Nonetheless, we are taking additional measures to ensure that your data remains secure, the notice said. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password
LastPass told users if they use the same master password on any other sites, to change it on those sites as well.
Photo:illustration, KRTarchives
