Can this be true?

[G+_George Kozi]

Can this be true?

 

Originally shared by Liz Quilty

 

Ouch :/

http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571

[G+_Randy Hudson]

Gotta love it

[G+_Dalt Wisney]

Everything gets hacked eventually. Everything.

[G+_Jean-Pierre White]

Read the lastpass blog. It's true.

[G+_Joshua “Wizdum” Burgess]

Dalt Wisney The difference here is that LastPass actually has internal security policies in place to minimize the damage.

 

In the email from LastPass: "We wanted to alert you that, recently, our team discovered and immediately blocked suspicious activity on our network. No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised."

 

Passwords were not compromised. If you have a decent master password that you only use for LastPass, and your password hint isn't obvious, you're fine.

[G+_Travis Hershberger]

Is it true?  Yes.  Is it something to be concerned about?  Not so much this time.  LastPass is one of the few companies that seems to have gotten security right.  So change your master password and move on.

[G+_Dalt Wisney]

LastPass is a combination of the app, network, company, its policies, security processes, etc. You compromise one piece and the whole thing is compromised. Good security doesn't imply that something won't be hacked, just that there are (tested) controls in place to minimize the damage. Besides, changing the master pw is a good idea no matter what the reason.

[G+_Steve Gledhill]

You should work on the basis that the email address you use to log in to Lastpass and your password reminder is compromised. If there is a chance that someone can use your reminder to guess your password then change it. Otherwise: you will be OK.

[G+_Joe Phillips]

Yubikey

[G+_Jeremy Oelke]

You don't need to change your password. It was only customer emails addresses that got taken. None of their deep security sector was breached. And i got an email from last pass they are being really open about this.

[G+_Steve Gledhill]

Jeremy Oelke They also got your password reminder so if your password reminder can be used to guess your password then you should change it.

[G+_Joshua “Wizdum” Burgess]

Steve Gledhill If your password reminder can be used to guess your password, you need to change your password even if there wasn't a breach..

[G+_Steve Gledhill]

Joshua Burgess True, but if the bad guys have thousands of password hints they can cherry-pick the easy to guess ones rather than trying to reset lp based only on email and then looking at the hint. Your chance of your weak hint has just increased substantially because you will be at the top of their list.

All in all, a timely reminder for people to be careful about their password recovery information.

[G+_Dalt Wisney]

If in doubt, change your pw.