LastPass, the popular password security tool used by consumers and companies to secure data, has been breached.
In a message posted to its website on Monday, LastPass CEO Joe Siegrist revealed that account email addresses and password reminders had been compromised, but it’s unclear how many users it affected.
“In our investigation, we have found no evidence that encrypted user vault data was taken, nor that LastPass user accounts were accessed,” wrote Siegrist.
The company is notifying users via email and requiring those logging in from a new device or IP address to verify their account through email (unless the user has multi-factor authentication enabled).
Additionally, the company is advising users to change their master passwords.
However, as of this writing, some users received error messages when trying to change their passwords.
This isn’t the first time the popular password manager has been compromised. In 2011, information on up to 1.25 million accounts was stolen by hackers and, in 2013, some Internet Explorer user passwords were exposed due to a software bug.