In a recent security notice posted on its website, LastPass, a login management platform, admitted that suspicious activity had been detected and some user information was compromised. According to LastPass, no encrypted user vault data has been taken and no accounts were accessed. However, account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
As a security measure, LastPass has alerted all of its users of the issue via email and is requiring all users who are logging in from a new device or IP address to verify their account. Additionally, users are being asked to update their master passwords, especially if they have used that same password on other websites. LastPass has also requested that users change their passwords on those websites that they've used the same password for.
Despite LastPass's claim that all users would be notified via email, some users are not happy with the company's response time and had to read about the breach when covered by other websites.
The poor response time wasn't the only quip that users have with LastPass. Many users simply can't wrap their heads around how the information was compromised in the first place.
Still, the user feedback wasn't all negative. Many users seem to trust that LastPass is handling the issue to the best of their ability and don't seem concerned that their information is at risk.
A security breach is never a good thing for a business, especially one that specializes in security. However, if these user responses have taught us anything, it's that full and speedy transparency is a MUST. Despite the fact that LastPass notified its users of the issue, many were still frustrated with the amount of information provided and the speediness of the communication.