On December 22nd LastPass notified its customers that late in 2022, a hacker was able to obtain the full, encrypted vaults for many or all of its customers. You can read LastPass’ announcement of the breach at https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
At this time there is no evidence that passwords or other data stored in LastPass have been compromised. However, the security of the data you have stored in LastPass is entirely dependent on the strength of your master password. The weaker your master password is the easier it will be to break and allow someone to gain access to your vault. While weaker passwords will be cracked sooner, even stronger passwords will very likely be cracked over time. Because of this we strongly recommend that you change all passwords stored in your LastPass vault, particularly any involved with high value accounts such as banking accounts.
UCR staff, faculty and students who use LastPass should take the following steps to ensure the safety of their accounts.
Change your LastPass master password
Change every password/credential stored within your LastPass vault/account.
Enable multi-factor authentication for your LastPass account.
Additionally, despite this unfortunate incident, the ISO still recommends using a password manager to address the many passwords users are expected to keep today.
For updates on this incident, please visit https://blog.lastpass.com