LastPass has sent out an email to its users with a notification of a security breach. On the surface, this sounds potentially disastrous for users, but don’t panic yet.
The company has been very proactive about notifying users even though, at this stage, there is no indication that user data has been compromised. The full extent of the breach and details of how it occurred are outlined in a blog post:
Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.
We have determined that an unauthorized party gained access to portions of the LastPass development environment through a single compromised developer account and took portions of source code and some proprietary LastPass technical information. Our products and services are operating normally.
The TL;DR version is:
- Your data is not confirmed as having been compromised
- Your Master Password is safe
- Your password vault data is safe
If you want to stay on top of the situation with LastPass, you should read the above-linked blog post and check it regularly for updates. If nothing else, this serves to remind everyone that two-factor authentication isn’t just another layer of security; it’s essential to use it wherever you can.