lastpass

Hackers reportedly exploited a vulnerability in the Plex Media Server software on the engineer's computer that was patched about 75 versions ago

The extensive attack targeted one of only four DevOps engineers at LastPass with the credentials required to access the servers that store customer data. 

The stolen information includes account usernames, account passwords (salted and hashed), billing information, and much more

LastPass claims if users follow default settings, it would take millions of years to guess the master password using password-cracking techniques.

The company has confirmed that encrypted vaults containing customers' passwords, secure notes, and form-filled data were stolen in a recent security breach

While the company does not know exactly what data was stolen, it was able to confirm that user passwords and vaults remain encrypted

LastPass maintains the hackers were only able to make away with its source code and "proprietary LastPass technical information."

Unusual login alerts reported by users were caused by "fairly common bot-related activity."

Free users will soon be able to view and manage passwords on one category of devices.

The company cites changes made by Apple in Safari, and says the switchover is happening to "provide the best experience for our customers."

It is highly recommended to update the password manager to its latest version.

If you're looking to try LastPass Premium, education users can get six months free.