by gurchik
1094 days ago
> The MFA reset shouldn't be related to the increase in hash rounds, those are unrelated. So they must suspect the MFA seeds were also stolen, but aren't saying it, right?

They were stolen, but they weren't very clear about it. The summary of their latest security incident[1] says attackers stole:

> Backup of LastPass MFA/Federation Database – contained copies of LastPass Authenticator seeds, telephone numbers used for the MFA backup option (if enabled), as well as a split knowledge component (the K2 “key”) used for LastPass federation (if enabled). This database was encrypted, but the separately-stored decryption key was included in the secrets stolen by the threat actor during the second incident.

This summary links to a page[2] with more information, but that page actually gives less information, saying only:

> [Customer Secrets accessed includes] Multifactor Authentication (MFA) seeds - MFA seeds assigned to the user when they first registered their multifactor authenticator of choice to authenticate to the LastPass vault.

1: https://blog.lastpass.com/2023/03/security-incident-update-r...

2: https://support.lastpass.com/help/what-data-was-accessed