The administration of the service to store passwords LastPass sends you an email with the details of the recent attack. Security companies have discovered strange activity that have caused their suspicion.
Suspicious activity was recorded last week and unknown persons managed to access the hash of the master password, e-mail addresses and answers to screening questions. The user passwords were not hacked, but considering that the attackers gained access to the hash of the master password and other data, they can get access to user accounts if the passwords were weak and/or standard.
“Dear user of LastPass.
In the last few days we have noticed suspicious activity on our network. The encrypted data has not been compromised, but the unknown was at the disposal of the e-mail address, which you can set a new password from LastPass.
We are confident in the reliability of our algorithms, and we believe that your data is protected. However, we will request an e-mail confirmation when you enter the program with a new device or unfamiliar IP address. We strongly recommend that you change your current password.
We apologize for the inconvenience. In the future this will allow us to increase the security of our services. Thanks for the understanding and use LastPass”, — stated in the message LastPass.
LastPass uses encryption master password on both client and server side, so that the speed of the process will be very low. However, choosing simple passwords on the list of most common passwords can lead to success.
If you use a complex password, and LastPass doesn’t ask him to change, then the service developers confident in the security account and change the password is not required.