PSA: LastPass Warns Users that Authentication Hashes Were Compromised

LastPass announced Monday that it "discovered and blocked suspicious activity" on Friday. The company said it had no evidence that password vaults were compromised, but that, "LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised."

LastPass warns customers their password vault accounts may have been compromisedLastPass warns customers their password vault accounts may have been compromised

LastPass is a password keeper for Mac, Windows, Linux, iOS, Android, and the Web.

The company warned users to reset their master password if the one they are using is weak or if they reused that password on any other site or service. TMO recommends never using the same password in more than one place.

LastPass also said that, "because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault."

Lastly, the company encouraged users to set up two-factor authentication as an added layer of protection. This is in keeping with published research from Google that found two-factor authentication vastly superior to other forms of account verification.