Experts recommend password managers like LastPass as the easiest way to generate unique, strong security codes for every one of your online accounts—which sounds great, until that password manager itself is cracked, potentially offering attackers access to all the accounts it was designed to protect.

The Hack

On Monday password manager service LastPass admitted it had been the target of a hack that accessed its users' email addresses, encrypted master passwords, and the reminder words and phrases that the service asks users to create for those master passwords.

Who's Affected

The company says the cryptographic protections it has in place on those master passwords—which include "hashing" and "salting" functions designed to make cracking the underlying passwords nearly impossible—are enough to protect almost all of its users. But those with simple passwords or ones reused from other sites could still be vulnerable. "We are confident that our encryption measures are sufficient to protect the vast majority of users," LastPass CEO Joe Siegrist wrote in a note to customers. "Nonetheless, we are taking additional measures to ensure that your data remains secure, and users will be notified via email."