Dear LastPass User,
On May 3rd, we discovered suspicious network activity on the LastPass internal network. After investigating, we determined that it was possible that a limited amount of data was accessed. All LastPass accounts were quickly locked down, preventing access from unknown locations. We then announced our findings and course of action on our blog and spoke with the media.
As you know, LastPass does not have access to your master password or your confidential data. To further secure your account, LastPass now requires you to verify your identity when logging in. You will be prompted to validate your email if you try to log in from a new location. This prompt will continue to appear until you change your master password or indicate that you are comfortable with the strength of your master password.
Please visit https://lastpass.com/status for more information.
The LastPass Team
Doesn’t look good!
It’s not a major deal because the bad guys are probably not able to decrypt the datafiles since they’re protected by a master password set by each user. But it does raise questions about storing secure data “in the cloud.” I could see this same sort of message coming from any number of cloud-based services including my go to favorites DropBox and Evernote.