Password-management service LastPass announced today that it "discovered and blocked suspicious activity" on its network on Friday. While the company says that there is no evidence that user vault data (a user's stored passwords) was taken or that accounts were accessed, it did acknowledge that user email addresses, authentication hashes, password reminders and server per user salts were compromised. LastPass is confident that its encryption is strong enough to make attacking those stolen hashes with any speed difficult. But yeah, if you're a LastPass customer you should change your password. Even though LastPass recommends you change your password if you have a weak master password or use that password on multiple sites, you really should change your master password -- and switch on multifactor authentication -- just in case.