Is nothing sacred? Lastpass, the service charged with keeping track of all our disparate online security measures with just one master password, was hacked last Friday—as detailed by the company’s own blog post published today. That is not good news.
But it could be worse. It’s not exactly that a bunch of thieves are in Lastpass’s virtual vault, raking in your iTunes, Amazon, Gmail, and Disqus passwords. This breach is thankfully less brutal, as Lastpass explains:
In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
Bottom line: Change your password. Do it right now, and make it super good (not any of these). And you know, while you’re at it, pretty please enable two-factor authentication. It might make things slightly more annoying, but you won’t find yourself vulnerable to all the password-stealing ne’er-do-wells who lurk around the web.