Not LRB, but Last Pass claims "According to LastPass, the authentication hashes should be sufficiently encrypted to prevent anyone from using them to access your account."
However:"the intruders did take LastPass account email addresses, password reminders, server per user salts, and authentication hashes. The latter is what’s used to tell LastPass that you have permission to access your account."
For me, since I believe you cannot always believe everything any given company proclaims RE its business AND since encrypted hashes can and have been decrypted in the past AND since I attempt to play safe with things that are within my control ..... I would change all my passwords and open a new email account/close the old one.
The biggest hassle will probably be the new email addie if you have multiple business/friends tied to it because you will need to edit the addie on their sites also.
Luck
LTBH
FWIW, I would say I am an extra cautious person when it comes to the internet and security:
I use:
a hardware firewall, router
the number one PC firewall, Comodo (free)
the number one active virus scanner, Bitdefender (paid version but also available as free)
run SuperAntiSpyware (free) multiple times a week to remove tracking cookies
run Malwarebytes (free) as an on demand virus scan several times a week
use SpywareBlaster (free) for its kill byte protection
use FF with NoScript, AdBlockPlus, Better Privacy extensions
Use FF with Flash set to always ask first
use Roboform (free) version set to only store passwords on my PC .... NOT the cloud |
