We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, tuttavia, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
(…)
Ciò nonostante, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.
(…)
If you have a weak master password or if you have reused your master password on any other website, per favore update it immediately. Poi replace the passwords on those other websites.
But checcazzo, già la notizia in sé non è proprio da fare una festa, poi passarla pure per un traduttore cinese facendo spoofing dell’IP…
E no, non ho un account con loro; magari voi sì.
Da LastPass Security Notice | The LastPass Blog.
