If you are, like me, a LastPass user then you need to change your master password. LastPass picked up on some suspicious activity in its logs and requires all users to change their master passwords as a precaution:
We noticed an issue yesterday and wanted to alert you to it. As a precaution, we’re also forcing you to change your master password.
We take a close look at our logs and try to explain every anomaly we see. Tuesday morning we saw a network traffic anomaly for a few minutes from one of our non-critical machines. These happen occasionally, and we typically identify them as an employee or an automated script.
In this case, we couldn’t find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server). Because we can’t account for this anomaly either, we’re going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed.
I use LastPass in my browsers and on my mobile devices and it is an integral part of my digital security. I usually find tin foil hat people somewhat amusing but in this case, I welcome the tin foil hattery. The risk to your stuff may be small but go ahead and change your master password anyway. Its a good idea to change it from time to time.