This week LastPass announced a partnership with PwnedList, a website which identifies hacked accounts. PwnedList will make available its continuously updated database so that LastPass users can receive notifications for any username/password combinations that have been compromised.
Amber Gott, a LastPass spokesperson, explained how the new service will work: “We do batch checking nightly, against the whole PwnedList database. The service is free, and opt-out via an email sent to the user.”
If the nightly scan picks up a cracked credential, the user receives an email notification announcing that they should change the cracked password on not only the compromised site, but anywhere else they use the same username/password combination (which you shouldn’t be doing anyway).
LastPass is offering the PwnedList service to both Free and Premium users, as well as to those with Enterprise accounts. The service is currently available now, with the option to opt-out at any point.