I have just read about the massive break-in to 'OneLogin' accounts, where the hackers were able to get decrypted passwords and full account information. They are also a single iog-in provider. Their public statement was:
In the past 24 hours, OneLogin sent out the following notice about a security incident:
“On Wednesday, May 31, 2017, we detected that there was unauthorized access to OneLogin data in our US data region. All customers served by our US data center are affected; customer data was compromised, including the ability to decrypt encrypted data. We have since blocked this unauthorized access, reported the matter to law enforcement, and are working with an independent security firm to assess how the unauthorized access happened and to verify the extent of the impact. We want our customers to know that the trust they have placed in us is paramount, and we have therefore created a set of required actions.”
While no site can be stated as being 100% hack-proof, I would hope with this recent attack on OneLogin, that LastPass is making a review of their 'defense' mechanisms, against hackers.