LastPass, a cybersecurity and password firm that aims to help people keep their logins safe, has been hacked and had users’ data compromised.
The service is one of many that aim to help people keep passwords safe by keeping them all in one place — users remember one master password, and software generates safe, unique ones for each website a person visits. But hackers have broken into the company’s network and stolen those master passwords and other login details, potentially exposing all of the data that has been stored with passwords generated from the service.
The company says that it is “confident” that the encryption measures it uses “are sufficient to protect the vast majority of users”. As such, the company doesn’t recommend changing the passwords on the accounts used with LastPass, but does recommend changing passwords on the service.
Users will be sent emails telling them about the breach and will be prompted to reset the master password. The service also encourages resetting the password on any site where the master password had been used.