Yesterday, LastPass released a statement that it had been the target of a hack that they discovered on Friday, and that the hack had accessed its users’ email addresses, encrypted master passwords, and the reminder words and phrases that the service asks users to create for those master passwords. This is really worrying trend that a security company that manages passwords got hacked. Many of you will use LastPass but I choose MSecure and the cloud file is stored on your own Dropbox account.

“We are confident that our encryption measures are sufficient to protect the vast majority of users. LastPass strengthens the authentication hash with a random salt and 100,000 rounds of server-side PBKDF2-SHA256, in addition to the rounds performed client-side. This additional strengthening makes it difficult to attack the stolen hashes with any significant speed.

Nonetheless, we are taking additional measures to ensure that your data remains secure. We are requiring that all users who are logging in from a new device or IP address first verify their account by email, unless you have multifactor authentication enabled. As an added precaution, we will also be prompting users to update their master password.
An email is also being sent to all users regarding this security incident. We will also be prompting all users to change their master passwords. You do not need to update your master password until you see our prompt. However, if you have reused your master password on any other website, you should replace the passwords on those other websites.
Because encrypted user data was not taken, you do not need to change your passwords on sites stored in your LastPass vault. As always, we also recommend enabling multifactor authentication for added protection for your LastPass account.”

Source – https://blog.lastpass.com/2015/06/lastpass-security-notice.html/