LastPass is a cloud-based password security site so reports that it was breached are particularly troubling.  The breach happened on Friday, June 12th but LastPass only sent alerts to account users on Monday, June 15th.  And from what Steven J. Vaughan-Nichols reported, not all LastPass account owners have received email notifications (zdnet.online.com; “Password site LastPass warns of data breach”; June 15).

In his article, Mr. Vaughan-Nichols quotes from the June 15th blog post by Joe Siegrist, the CEO of LastPass.  I read Mr. Siegrist’s blog post and urge all LastPass account users to read it (blog.lastpass.com June 15).  Mr. Vaughan-Nichols quotes from Mr. Siegrist’s blog in which he asserts that LastPass has no evidence that “encrypted user vault data was taken, nor that LastPass user accounts were accessed.”  LastPass is, per Mr. Siegrist’s blog, requiring all account users to update their master password.  They are not requiring or telling users to charge their site passwords because encrypted data wasn’t taken.

However, as Mr. Vaughan-Nichols reported, the LastPass servers are overloaded by account users trying to make the needed changes.

Let’s hope that the “good news” reported by Mr. Siegrist holds true.