Posted by: Ken Harthun
LastPass, Password, password manager, Security best practice
Just received this email from LastPass which gives further information about the security incident.
Dear LastPass User,
On May 3rd, we discovered suspicious network activity on the LastPass internal network. After investigating, we determined that it was possible that a limited amount of data was accessed. All LastPass accounts were quickly locked down, preventing access from unknown locations. We then announced our findings and course of action on our blog and spoke with the media.
As you know, LastPass does not have access to your master password or your confidential data. To further secure your account, LastPass now requires you to verify your identity when logging in. You will be prompted to validate your email if you try to log in from a new location. This prompt will continue to appear until you change your master password or indicate that you are comfortable with the strength of your master password.
Please visit https://lastpass.com/status for more information.
The LastPass Team
As I said before, I am very impressed by their response to this incident. Here is their latest update on the blog:
Update 9, ~11am 05/09 EST:
Many users are changing their password and then determining they can’t remember it, a number have also run into issues with password changes and want to go back, you can now do this yourself without contacting us: https://lastpass.com/revert It allows you to either roll back your last password change or revert your account to the 4th. You must prove access to your email again to use it.