Status
Not open for further replies.

FreddyFreeloader

Level 31
Verified
YIKES!
Dear LastPass User,

We wanted to alert you that, recently, our team discovered and immediately blocked suspicious activity on our network. No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised.

We are confident that the encryption algorithms we use will sufficiently protect our users. To further ensure your security, we are requiring verification by email when logging in from a new device or IP address, and will be prompting users to update their master passwords.

We apologize for the inconvenience, but ultimately we believe this will better protect LastPass users. Thank you for your understanding, and for using LastPass.

Regards,
The LastPass Team
 

FreddyFreeloader

Level 31
Verified
I had to try a few times before it allowed me to, keep trying i think they are a bit busy . ;)
Sorry, but we are currently experiencing an extremely high volume of support tickets due to our recent security announcement.

Please be patient while we try to respond to your questions and issues as quickly as possible.
Anticipated wait times for non-critical issues are currently 3 days for Premium and over 5 days for free users.
 

frogboy

Level 75
Verified
Trusted
Sorry, but we are currently experiencing an extremely high volume of support tickets due to our recent security announcement.

Please be patient while we try to respond to your questions and issues as quickly as possible.
Anticipated wait times for non-critical issues are currently 3 days for Premium and over 5 days for free users.
They must be getting busier i got in fairly early after it happened.
 
  • Like
Reactions: Kent

Atlas147

Level 30
Verified
Content Creator
YIKES!
Dear LastPass User,

We wanted to alert you that, recently, our team discovered and immediately blocked suspicious activity on our network. No encrypted user vault data was taken, however other data, including email addresses and password reminders, was compromised.

We are confident that the encryption algorithms we use will sufficiently protect our users. To further ensure your security, we are requiring verification by email when logging in from a new device or IP address, and will be prompting users to update their master passwords.

We apologize for the inconvenience, but ultimately we believe this will better protect LastPass users. Thank you for your understanding, and for using LastPass.

Regards,
The LastPass Team
They sent this to all lastpass users I think! No reason to panic!
 

FreddyFreeloader

Level 31
Verified
March 2015 is when I made the move to KeePass from LastPass Premium after I felt that such a service would always be a target and it's only a matter of time, either it be black hat patience, fundamental weaknesses or a dirty insider job.

Regardless, I don't like the risk factor and in spite of all spouted protection they tell us that your passwords are secure, In the end you just have to take their word for it don't you? And hope the worst doesn't happen.

Pessimism has never served me wrong.

http://keepass.info | http://keepass.info/help/base/security.html

https://chrome.google.com/webstore/detail/ompiailgknfdndiefoaoiligalphfdae
(Extension allowing Google Chrome to form-fill passwords stored in KeePass.)

http://keefox.org/
(Extension allowing Firefox based browsers to form-fill passwords stored in KeePass.)

All plugins for KeePass: http://keepass.info/plugins.html

If you're going to continue using LastPass, think of enabling Two-factor verification - A little extra hassle for that proper peace of mind.

https://helpdesk.lastpass.com/multifactor-authentication-options/
Just about anything stored in the "Cloud" can be hacked by governments, IT professors, former (and present) KGB/CIA/FBI types. Only plus is use across multiple platforms. Only reason I'm staying with LastPass is because it's a real pain to switch. If this happens again I think LastPass is out of business.
I know they say they don't have your master password - but how then does their app know it's you and let you log in to your account?
 

R083R7

New Member
Someone pointed out on a website that since e-mail addresses were exposed, that now the hacker(s) most likely know your address is valid and that people should change the e-mail associated with their LastPass account. Is this true, and what would happen if you decided you didn't want to change the e-mail you signed up with?
 
Last edited:
I

illumination

Someone pointed out on a website that since e-mail addresses were exposed, that now the hacker(s) most likely know your address is valid and that people should change the e-mail associated with their LastPass account. Is this true, and what would happen if you decided you didn't want to change the e-mail you signed up with?
Having your email address, but no email password = they can not access it. Unless they were to have all of your personal info, and verification email addresses, i would not trip to hard. I did not change mine, as i'm not going to every time there's a chance someone could obtain it, especially when a user gives their email address to sites all day long on their system. The hackers only obtained just enough information, to fill some space, but nothing useful.

I see people post, that offline "meaning on their system" password managers are better.. This is of course if you believe your system is completely spotless, as there is always that chance as well. When you fill out an online form, those webpages are not always encrypted "secured" chances are someone can intercept that, just signing into MalwareTips, not being encrypted, someone could intercept your email address.. Should i go on?
For those that think, any way they turn is a trap,too much Paranoia is not a healthy thing.
 
Status
Not open for further replies.