Last Friday, the folks at LastPass, keepers of the password on all sorts of platforms, noticed “suspicious activity” on their network and decided to go ahead and shut down that noise down. (Thanks!) Wait, though, suspicious activity? What does that mean? According to LastPass, that means that l33t hax0rs (hackers) were able to grab “account email addresses, password reminders, server per user salts, and authentication hashes.” Yikes. Thankfully, they have found no evidence of user vault data being taken, which is awesome news, since that’s where all of your passwords for other websites are stored.
As a recap – LastPass was hacked on some level and the responsible party was able to gain some information from your account. The good news is that your actual passwords that LastPass stores were not compromised and you should be good.
With that said, LastPass is recommending (and prompting) that everyone change their master passwords (especially those weak ones like “12345” that you use for your luggage). LastPass will also now require users who login from a new device or IP to first verify accounts by email, unless they already have multifactor authentication enabled.
You do not need to change passwords on other sites, because again, your user vault data wasn’t taken.
You can read more about the “suspicious activity” at the source link below.