In case you missed the email, LastPass, one of the most popular password keeper on the planet has got there network security tested recently.
Many users of LastPass should be receiving similar emails as displayed.
What you need to know: The password vault is encrypted heavily and even if data was comprised there is a very unlikely chance of getting access to it.
But all they need is two things to access all your data,
your email address (which they were able to obtain) and your Master password which they did not. But the master password can now be brute forced at their leisure and if not created to be difficult, will be easily cracked.
So as a requirement, they are requesting everyone to change their password. Now is a good time to do so and make sure it is secure password and meets many different requirements as displayed below.
Make sure to create a strong “master” password by doing the following.
- Is at least eight characters long.
- Does not contain your user name, real name, or company name.
- Does not contain a complete word.
- Is significantly different from previous passwords.
- Contains Uppercase and Lowercase letters and Numbers
All cloud based systems, such as LastPass, are susceptible to these kinds of attacks. But having the right steps and having all data encrypted eliminates many headaches for users of their product. Simply change your Master password for the vault and you will be all set.
For more information, see LastPass Security Post.
Source: LastPass Security Notice | The LastPass Blog [ blog has since been removed ]