As written on the LastPass blog (https://blog.lastpass.com) as of August 25th:
“Two weeks ago, we detected some unusual activity within portions of the LastPass development environment. After initiating an immediate investigation, we have seen no evidence that this incident involved any access to customer data or encrypted password vaults.”
Essentially, they found that a developer machine was compromised, but did not see evidence that customer data or other data was compromised.
It is good to see that companies (especially a company one depends on, like a password manager) are telling us when there are breaches.
There is an FAQ; for questions 1, 2 and 3 the answer is NO, no information was compromised.
1. Has my Master password or the Master Password of my users been compromised?
2. Has any data within my vault or my users’ vaults been compromised?
3. Has any of my personal information or the personal information of my users been compromised?
4. What should I do to protect myself and my vault data?
At this time, we don’t recommend any action on behalf of our users or administrators. As always, we recommend that you follow our best practices around setup and configuration of LastPass which can be found here.
It is imperative that companies are honest about breaches and discuss the problems as soon as the issue appears.
But the bottom line is that the vault data (the usernames and passwords that LastPass is tasked by its customers to safeguard) has to be protected by LastPass, and the user cannot do anything about that.
At some point you have to trust the company you bought the software from to do what they are supposed to. I suppose in a litigious society the only recourse is to sue, but that is not an easy row to hoe.
It behooves you to do some homework on past issues for your software and then keep an eye on the news. It is a never-ending issue.
Contact us to discuss.