Thanks for the comment, David. The post actually addresses the fact that even LastPass thinks they may be overreacting. That doesn’t make the story any less valid, however — which I am sure you would agree if the outgoing data does contain email and password information, and especially if you found out it was yours.

Of course, you may have a strong, non-dictionary based password, but it is probably fair to say that most people still don’t. One of the main reasons for that is the inconvenience and how difficult they can be to remember — which was the reasoning behind the second part of the post. If you are going to have to change your master password anyway (and you are), it may as well be done right, yes?

As Evan says, “better safe than sorry.” It’s not about hits, man. It’s about spreading information.