Dec 31, 2021
79 Views
0 0

Users report LastPass master passwords possibly compromised, company assures there's no breach

Written by

In brief: LastPass users began reporting login attempts from unknown locations using correct master passwords earlier this week. The password manager company claims these likely came from reused passwords uncovered from unrelated hacks, but some users disagree and have suggested various theories.
LastPass users on the Hacker News forum are reporting login attempts on old and inactive accounts. However, it does not appear to be isolated to defunct credentials. Others report getting email notifications of strange login attempts on newer active accounts.
After looking into the reports, LastPass released a statement claiming it doesn’t think the service itself was compromised. The company believes the credentials came from past unrelated service hacks. Some users on Hacker News say they got login notifications after recently switching to new, unique passwords.
UPDATE: To reiterate, we have no indication that #LastPass was breached or compromised.

Here’s how LastPass protects you and steps you can take to stay secure: https://t.co/gNNjx333ps pic.twitter.com/rcWSIo9Q1x
One theory on the forum suggests that someone is exploiting a LastPass browser extension vulnerability through an exceptionally well-crafted phishing site. The site is connected to an IP address associated with more than one of the login attempts, which appears to be from Brazil. Some other attempts came from India, and at least one other came from Thailand.
It’s important to note that none of the login attempts have penetrated LastPass’ two-factor authentication, which you should probably already be using for any service that offers it. Concerned users should also consider changing their master passwords.
TECHSPOT : Tech Enthusiasts, Power Users, Gamers
TechSpot is a registered trademark. About Us Ethics Statement Terms of Use Privacy Policy Change Ad Consent Advertise
© 2021 TechSpot, Inc. All Rights Reserved.

source

Article Categories:
Cybersecurity News

Comments are closed.