LastPass was breached, but all info was salted and hashed. According to the blog entry, everyone using the LastPass service will receive a mail, prompting them to reset their master password.



“In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed.”

The blog says: “Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.”

The blog warns that although no stored passwords need to be change, your Master Password should not be one that is also used on other sites.

Source: Avira