TL;DR: Last Pass is broken. All passwords at the time of the breach were taken. They also got internal secrets from a laptop and can now probably throw computational power at anything they want to decrypt.

Switch. Do not use. Change everything you have if you were using it. Treat everything as breached.

  • blobjim [he/him]
    ·
    2 years ago

    The passwords are still encrypted so this isn't true.

    • familiar [he/him]
      ·
      2 years ago

      True but this is like the second or third breach in the last couple years and the obviously aren't meeting the expected standard.

      • groundling20XX [none/use name]
        ·
        2 years ago

        Huge target, large dev team and knowledge of they ever covered up a breach of data access they will be obliterated. They are one of the few companies that actually reports breaches because they want to push liability for these post breach incidents on their customers who may have bad passwords.

    • neo [he/him]
      ·
      2 years ago

      Yes, but that said: if you have a bad master password the attempts at cracking it can commence anytime (if not already). So, really, change your master password and EVERY password you manage with LastPass. Anything short of that is insufficient.