The online password locker company reported that its network was breached on Friday, may have compromised some user data. On the blogpost company reveals that their security team found a "Suspicious Activity" on their server. The investigation didn't reveal any evidence that the attackers stole encrypted data from users’ password vaults, nor did the intruders gain access to LastPass users’ accounts.
But LastPass mentioned that LastPass account email addresses, password reminders, server per user salts, and authentication hashes were compromised.
LastPass recommends all its users to immediately change the master passwords of there accounts, and it will notify any users who may have been compromised via email. Users who log in via a new device or IP address will need to verify their identity via email if they don’t have two-factor authentication enabled.
As LastPass team notify all its affected users via email, and if you didn't receive mail then also its recommended to everyone to change the password and create a new strong, complex passwords. Earlier we have briefly discussed on improvement of online security which is very helpful for you all.
This is not the first time, a question urge on the security of the LastPass. On 2013 Security researcher Zhiwei Li have notify the vulnerability on LastPass which could be leveraged against a user utilizing the bookmarklet on an attacking site.