Password managers make it incredibly convenient to manage passwords for the insane number of sites, accounts and other services people use today. There are plenty of password manager apps and services out there, but very few of them give you as good of an experience as LastPass without taking any money.
Sadly, it looks like LastPass just became a victim of cybercriminals who managed to access a slew of data, including the password vaults used by customers.
According to LastPass, an unauthorized party gained access to a third-party cloud-based storage service that LastPass uses to store encrypted archived customer vault data. In layman terms, it means the “threat actor” now has a backup of your LastPass vault in which you store website login info, credit card numbers, and other such important info.
Change your LastPass master password, and stop using the same password elsewhere
Thankfully, LastPass says that everyone's data is safe as long as they used a sufficiently strong master password, as it's not easy to decipher those thanks to LastPass' 256-bit encryption even with brute force. Or at least that's the hope here.
Still, the company is urging users to change their master password for increased security, and it's also reminding users not to use the LastPass master password on other services and websites because if those passwords were compromised earlier, it could become easier for malicious actors to access your LastPass account.
Finally, LastPass is also recommending changing the passwords that you have stored in its app. That could be a daunting task for those with too many stored login credentials, but alas, it seems it's one of the best ways to make sure this breach isn't able to affect you and all the private info you may have stored in LastPass.
The incident is an example of why password managers, as secure as they might market themselves to be, are not completely protected from hacking attempts, so there's no particularly fool-proof method of saving sensitive data. For now, anyone using LastPass on their Samsung Galaxy smartphone or tablet might want to make sure they take the necessary steps to further safeguard their data as soon as possible.