LastPass has announced that it was hacked last week, the news of the hack came to light yesterday in a blog post by the company.
The company has said that on Friday their team discovered an blocked suspicious activity on their network, they said that there is no evidence that the encrypted user vault was taken.
We want to notify our community that on Friday, our team discovered and blocked suspicious activity on our network. In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed. The investigation has shown, however, that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.
LastPass has said that they are taking additional security measures and you can find out more information over at their website at the link below.