[QUOTE=coolcolors;2776109]LastPass was master password that was the stolen.
And it has to assume the other person is given access to another users computer. So without this access that program can’t do much. And the person has to run it and assuming the user will let you use their computer let alone install something onto their computer. And it loads from memory so if they reboot and not running Keepass that program can’t do anything as well. So this program requires total free access without the user being there for this to work and for Keepass loaded and closed to work so without these two conditions met the program also is dead in the water.[/QUOTE]
The LifeHacker story was written June 15, 2015, but if you follow the link from the article to their blog (same as my link above), you will find an update from June 16, 2015:
[B]Was my master password exposed? [/B]
No, LastPass never has access to your master password. We use encryption and hashing algorithms of the highest standard to protect user data. We hash both the username and master password on the userâ€™s computer with 5,000 rounds of PBKDF2-SHA256, a password strengthening algorithm. That creates a key, on which we perform another round of hashing, to generate the master password authentication hash. That is sent to the LastPass server so that we can perform an authentication check as the user is logging in. We then take that value, and use a salt (a random string per user) and do another 100,000 rounds of hashing, and compare that to what is in our database. In laymanâ€™s terms: Cracking our algorithms is extremely difficult, even for the strongest of computers.
Were passwords or other data stored in my vault exposed? [/B]
No, your data is safe. Encrypted user vaults were not compromised, so no data stored in your vault is at risk (including form fill profiles, secure notes, site usernames and passwords). However if you used your master password for any other website, we do advise changing it â€“ on LastPass as well as on the other websites. Note that you should never reuse passwords â€“ especially your LastPass master password!