According to security expert Steve Gibson, LastPass is still safe … after you take one action. And a further testament: Gibson still uses the service himself.
What action? Change your master LastPass password. And two-factor authentication does not exclude your need to do this. Two-factor authentication is still important and prudent, but it won’t protect you from this potential breach.
And about this breach. Apparently, LastPass representatives have only detected anomolous network traffic on a network when they did not expect it. Reportedly, they detected activity overnight on one of their networks when no employees were present. There is no confirmation that data was actually breached or stolen. LastPass is prescribing changing LastPass passwords out of prudence.
Oh, and make sure you have a complex and random password that is NOT stored in LastPass or used at any other site. Take this advice seriously! Be sure to record this password and store it in a truly safe place. And it would be a good idea to not record this password 100% accurately. Make a mental note of your modification. When your recorded password doesn’t work, then you’ll remember you modification. Re-enter this password and you’ll be in.
Security is not always convenient, but a breach or identity theft is a way bigger headache.