If you’re not sure what LastPass is, it’s a secure password service. You generate a Master Password, and use it to securely store all your other passwords. It’s convenient, because you only have to remember one password.
What Was Taken
The hackers were able to make off with the email addresses of everyone who uses the service, along with password reminders, authentication hashes and per-user server salts. Of these, the most troubling are the authentication hashes, as these are what LastPass uses to determine that you’re you and that you have permission to access your account.
According to the company’s blog, even with the authentication hashes in hand, it would be virtually impossible for a hacker to actually breach your account and get into your password safe. That is of some comfort, but of course, the company was supposed to be essentially unhackable to begin with, so take that with a grain of salt.
What You Should Do
About the only thing that’s absolutely required is to change your Master Password. That way, if LastPass is wrong about the hackers not being able to use the authentication hashes to break into your password safe, the stolen hashes will correspond to a password you no longer use, which renders them irrelevant.
As an added security precaution, the company has locked accounts down, so that if you’re not accessing your account from a trusted IP address you’ve used before, you’ll also have to take the step of verifying your email. According to the company’s website, the data that the hackers got shouldn’t put your other passwords at risk, but you’ll definitely want to change your Master Password. No further action should be required, but if it is, you’ll be getting detailed instructions from LastPass.
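To make the point about authentication hashes and per-user salts concrete, here is an added example (not LastPass code, and not from the company's blog) of a server that stores a salted hash per user and checks it at login. The `AuthServer` class, the PBKDF2-SHA256 algorithm and the iteration count are assumptions for illustration; the article does not say which algorithm LastPass uses.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor; the article does not give one


def auth_hash(master_password: str, salt: bytes) -> bytes:
    """Derive the value the server stores instead of the password itself."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)


class AuthServer:
    """Hypothetical server holding one (salt, hash) record per user."""

    def __init__(self):
        self.records = {}

    def set_password(self, email: str, master_password: str) -> None:
        salt = os.urandom(16)  # fresh per-user salt on every change
        self.records[email] = (salt, auth_hash(master_password, salt))

    def verify(self, email: str, master_password: str) -> bool:
        salt, stored = self.records[email]
        return hmac.compare_digest(stored, auth_hash(master_password, salt))

    def matches_current(self, email: str, copied_hash: bytes) -> bool:
        """Does a previously copied hash still equal the live record?"""
        return hmac.compare_digest(self.records[email][1], copied_hash)


def demo() -> dict:
    server = AuthServer()
    # Constructed sample accounts; both users pick the same password.
    server.set_password("alice@example.com", "correct horse battery")
    server.set_password("bob@example.com", "correct horse battery")
    _, stolen_hash = server.records["alice@example.com"]  # copy taken in a breach

    result = {
        "same_password_same_hash": stolen_hash == server.records["bob@example.com"][1],
        "stolen_valid_before_change": server.matches_current("alice@example.com", stolen_hash),
    }
    server.set_password("alice@example.com", "new long master passphrase")
    result["stolen_valid_after_change"] = server.matches_current("alice@example.com", stolen_hash)
    result["old_password_accepted"] = server.verify("alice@example.com", "correct horse battery")
    result["new_password_accepted"] = server.verify("alice@example.com", "new long master passphrase")
    return result
```

Calling `demo()` shows that the per-user salt gives two users with the same password different hashes, and that the copied hash stops matching the live record once the Master Password is changed.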